Tag: mandiant
-
UNC3886 Hackers Target Singapore’s Critical Infrastructure by Exploiting 0-Day Vulnerabilities
Tags: china, cyber, cyberattack, exploit, finance, government, group, hacker, infrastructure, mandiant, service, threat, vulnerability, zero-day
Singapore’s critical infrastructure sectors, including energy, water, telecommunications, finance, and government services, are facing an active cyberattack from UNC3886, a sophisticated China-linked advanced persistent threat (APT) group renowned for leveraging zero-day exploits and custom malware. First identified by Mandiant in 2022, UNC3886 has been operational since at least 2021, with confirmed activities exploiting vulnerabilities in…
-
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
Tags: attack, cybercrime, google, group, infrastructure, mandiant, phone, ransomware, software, tactics, vmware
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant team…
-
China-Based Threat Actor Involved In Microsoft SharePoint Attacks: Mandiant CTO
Among the attackers now actively exploiting vulnerable on-premises Microsoft SharePoint servers, at least one has shown indications of originating from China, according to the assessment of researchers at Google Cloud-owned Mandiant. First seen on crn.com Jump to article: www.crn.com/news/security/2025/china-based-threat-actor-involved-in-microsoft-sharepoint-attacks-mandiant-cto
-
Ransomware actors target patched SonicWall SMA devices with rootkit
Tags: access, attack, backdoor, control, credentials, exploit, flaw, incident response, malware, mandiant, network, password, ransomware, security-incident, startup, vpn, vulnerability
temp.db and persist.db, that store sensitive information, including user account credentials, session tokens, and OTP seed values. Although the flaw has been publicly documented and analyzed in detail by researchers as potentially leading to the exposure of admin credentials, GTIG and Mandiant don’t have evidence this is the flaw that was exploited. It is also possible…
-
Wiz Deal Highlights Google’s Multi-Cloud Security Strategy
COO Francis deSouza Explains Google Cloud’s Push for Unified Multi-Cloud Security. COO Francis deSouza shares insights into Google Cloud’s security priorities as it pursues the $32 billion acquisition of Wiz. He explains the need for seamless multi-cloud protection, the value of Mandiant’s threat intelligence, and how AI is changing threat detection and response at scale.…
-
iCounter Debuts With Mission to Defeat AI-Enabled Threats
Startup Raises $30M, Uses Risk Intelligence to Preempt Reconnaissance Attacks. Former FireEye and Mandiant leader John Watters unveils iCounter, a new cyber risk intelligence startup focused on targeted attacks and AI-enabled adversaries. Backed by Syn Ventures, the firm aims to transform threat detection with deeper visibility into attacker reconnaissance. First seen on govinfosecurity.com Jump to…
-
Vulnerable Protection Relays Put Power Grid at Risk
Google’s Mandiant Warns About Remote Attacks Disrupting Grid Stability. Vulnerabilities in networked devices programmed to instantaneously trip power grid substation circuit breakers could be the means hackers use to cause the next blackout, warn researchers. There are systemic patterns across substations, utilities and industrial sites worldwide, Mandiant warned. First seen on govinfosecurity.com Jump to article:…
-
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass
Tags: attack, authentication, cloud, cyber, flaw, injection, mandiant, password, RedTeam, remote-code-execution, software, vulnerability
A Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller, cloud networking software used to manage multi-cloud environments. The flaws enable full system compromise through an authentication bypass (CVE-2025-2171) followed by authenticated command injection (CVE-2025-2172).
Authentication Bypass (CVE-2025-2171)
The attack chain begins with a weak password reset mechanism. Attackers can brute-force 6-digit…
-
Mandiant finds more than 30 fake AI websites spreading malware
First seen on scworld.com Jump to article: www.scworld.com/news/mandiant-finds-more-than-30-fake-ai-websites-spreading-malware
-
Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers
Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for… First seen on hackread.com Jump to article: hackread.com/fake-ai-video-tool-ads-facebook-linkedin-infostealers/
-
Threat Actors Weaponize Fake AI-Themed Websites to Deliver Python-based infostealers
Mandiant Threat Defense has uncovered a malicious campaign orchestrated by the threat group UNC6032, which capitalizes on the global fascination with artificial intelligence (AI). Since at least mid-2024, UNC6032 has been deploying fake AI video generator websites to distribute malware, specifically targeting users through deceptive social media ads on platforms like Facebook and LinkedIn. These…
-
Google warns of Vietnam-based hackers using bogus AI video generators to spread malware
Hackers likely based in Vietnam advertised websites offering AI-powered video generation tools, according to Google’s Mandiant unit, and then used the sites to spread infostealers and other malware. First seen on therecord.media Jump to article: therecord.media/malvertising-vietnam-hackers-fake-ai-video-generators
-
Mandiant flags fake AI video generators laced with malware
A Vietnam-based group has spread thousands of advertisements, fake websites and social media posts promising access to popular prompt-to-video AI generation tools, delivering infostealers and backdoors instead. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-video-generator-malware-mandiant-unc5032-vietnam/
-
Fake AI Tools Lure Users in Year-Long Malware Campaign
Mandiant Says Malware Spread Through Fake AI Video Ads Seen by Millions. Online scammers are converting excitement over generative artificial intelligence into fraudulent sites that infect victims with malware, says threat intel firm Google Mandiant in a report exposing a year-long campaign to distribute infostealers and backdoors. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fake-ai-tools-lure-users-in-year-long-malware-campaign-a-28494
-
Let’s Talk About SaaS Risk Again… This Time, Louder.
By Kevin Hanes, CEO of Reveal Security A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary
EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
“CISOs today speak the language of business”
Nick Godfrey, Head of the Office of the CISO at Google Cloud. As Senior Director and Head of the Office of the CISO at Google Cloud, Nick Godfrey’s role is to support the company in the exchange between CISOs on cloud and security topics. Godfrey, himself a former security executive at a financial services provider, leads…
-
North Korean operatives have infiltrated hundreds of Fortune 500 companies
Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-workers-infiltrate-fortune-500/
-
Exploits still top entry point, says Mandiant report
First seen on scworld.com Jump to article: www.scworld.com/brief/exploits-still-top-entry-point-says-mandiant-report
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day
Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Targeted attacks against…
-
RSA 2025: Google is Going All-In on AI Agents That Can Help Security Personnel
Google continues to integrate Mandiant services into its security platforms following the acquisition in 2022. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-gemini-security-operations/
-
5 Most Common Security Attack Methods in 2024: Mandiant’s M-Trends Report
Mandiant, which was acquired by Google Cloud in 2022, paints a picture of global cyber threats from last year in order to help readers be better prepared this year. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-mandiant-m-trends-security-report/
-
Understanding 2024 cyber attack trends
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/24/understanding-2024-cyber-attack-trends/
-
Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities
Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups. These adversaries are deploying custom malware ecosystems, exploiting zero-day vulnerabilities in security appliances, and utilizing proxy networks resembling botnets to evade detection. Their tactics also include targeting edge devices lacking endpoint detection and response (EDR) capabilities…
-
Financially motivated cyber crime remains biggest threat source
Mandiant’s latest annual threat report reveals data on how financially motivated cyber criminals, such as ransomware gangs, dominate the cyber security landscape. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623134/Financially-motivated-cyber-crime-remains-biggest-threat-source