Tag: mandiant
-
Chinese cyberspies breached dozens of telecom firms, govt agencies
Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-breached-dozens-of-telecom-firms-govt-agencies/
-
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Pivot techniques: In addition to the payloads themselves, the investigation also revealed new techniques. For example, the legitimate shell script convert_hosts.sh that exists on these appliances has been modified to include the path of the backdoors to achieve persistence.The SLAYSTYLE web shell, which is designed to receive commands over HTTP and execute them on the…
-
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. >>Mandiant and Google Threat Intelligence Group (GTIG) have identified…
-
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
Tags: china, credentials, cve, exploit, google, group, intelligence, mandiant, threat, vulnerability, zero-dayA maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG).The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials…
-
Chinese APT Group Exploits Dell Zero-Day for Two Years
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-exploits-dell-zeroday/
-
Zero-Day in Dell RecoverPoint Exploited by Chinese Hacker Group
A critical zero-day vulnerability, tracked as CVE-2026-22769, is being actively exploited in Dell Technologies’ RecoverPoint for Virtual Machines. According to Mandiant and Google Threat Intelligence Group (GTIG), the flaw carries a perfect score severity score of 10, and has been weaponized by a Chinese threat cluster, identified as UNC6201. First seen on thecyberexpress.com Jump to…
-
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk Typhoon. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSS score of 10.0, allowing attackers to gain…
-
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk Typhoon. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSS score of 10.0, allowing attackers to gain…
-
Microsoft Urges Users to Finally Ditch NTLM Authentication
Seeking to Add Urgency, Mandiant Publishes Rainbow Tables for NTLM Key Hashes. For nearly 30 years, security experts have warned organizations to ditch the weak NTLM authentication protocol in Windows. But its use persists, even amidst easy and active exploits. Now Google has published rainbow tables for NTLMv1. Will this finally drive holdout organizations to…
-
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications, according to Mandiant researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/shinyhunters-leads-surge-in-vishing-attacks-to-steal-saas-data/
-
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mandiant-details-how-shinyhunters-abuse-sso-to-steal-cloud-data/
-
WinRAR vulnerability still a go-to tool for hackers, Mandiant warns
State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/28/winrar-vulnerability-exploited-cve-2025-8088/
-
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it
Tags: attack, authentication, computer, credentials, crypto, cve, data, data-breach, email, encryption, group, Hardware, international, mandiant, microsoft, network, ntlm, phishing, risk, service, supply-chain, theft, threat, vulnerability, windowspass-the-hash. The benefit is time and money saved: Mandiant reckons its rainbow table allows the recovery of an NTLMv1 key in 12 hours using a computer costing $600, rather than relying on third party services or expensive hardware to brute-force the keys.None of this makes NTLMv1 less secure or easier to target than it already…
-
Mandiant Publishes Rainbow Tables That Crack NTLMv1 Admin Passwords
Mandiant haspublicly releasedcomprehensive rainbow tables designed to crack Net-NTLMv1 authentication hashes, addressing a critical security gap that has persisted for over two decades, despite the protocol being deprecated and widely recognized as fundamentally insecure. The decision to release these tables underscores the urgency of migrating away from this outdated authentication mechanism, whichremainsprevalent in active environments…
-
AuraInspector: Open-Source Misconfiguration Detection for Salesforce Aura
Mandiant has released AuraInspector, an open-source command-line tool designed to help security teams identify and audit access control misconfigurations within the Salesforce Aura framework that could expose sensitive data, including credit card numbers, identity documents, and health information. The tool addresses a critical gap in Salesforce Experience Cloud security, where complex sharing rules and multi-level…
-
AuraInspector: Open-source tool to audit Salesforce Aura access control misconfigurations
Google and its Mandiant threat intelligence unit have released AuraInspector, an open-source tool aimed at auditing data access paths in Salesforce Experience Cloud … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/13/aurainspector-open-source-tool-salesforce-aura/
-
Mandiant open sources tool to prevent leaky Salesforce misconfigs
AuraInspector automates the most common abuses and generates fixes for customers First seen on theregister.com Jump to article: www.theregister.com/2026/01/13/mandiant_salesforce_tool/
-
2025 Year in Review at Cloud Security Podcast by Google
Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
What keeps CISOs awake at night, and why Zurich might hold the cure
Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-dayA safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…
-
What keeps CISOs awake at night, and why Zurich might hold the cure
Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-dayA safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…