Tag: mandiant

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Aug 27, 2025 12:23 PM

Tags: ai, automation, breach, data, google, group, hacker, intelligence, mandiant, theft, threat

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent.The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395.”Beginning as…
Attackers steal data from Salesforce instances via compromised AI live chat tool

Aug 27, 2025 5:23 AM

Tags: access, ai, at&t, breach, credentials, data, extortion, group, login, mandiant, open-source, password, saas, tool, vpn

What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Aug 21, 2025 6:54 PM

Tags: access, backdoor, captcha, cybercrime, mandiant, service, social-engineering, threat

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3.Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which is…
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

Jul 30, 2025 10:28 AM

Tags: attack, cloud, google, group, hacker, mandiant, threat

Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses.”Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t observed…
Lazarus Subgroup ‘TraderTraitor’ Targets Cloud Platforms and Contaminates Supply Chains

Jul 29, 2025 5:27 PM

Tags: cloud, cyber, cybersecurity, group, lazarus, mandiant, microsoft, north-korea, supply-chain, threat

The North Korean state-sponsored advanced persistent threat (APT) known as TraderTraitor, a subgroup of the notorious Lazarus Group, has emerged as a formidable actor specializing in digital asset heists. Tracked under aliases such as UNC4899, Jade Sleet, TA444, and Slow Pisces by various cybersecurity firms including Mandiant, Microsoft, Proofpoint, and Unit42, TraderTraitor operates under the…
UNC3886 Hackers Target Singapore’s Critical Infrastructure by Exploiting 0-Day Vulnerabilities

Jul 28, 2025 8:27 PM

Tags: china, cyber, cyberattack, exploit, finance, government, group, hacker, infrastructure, mandiant, service, threat, vulnerability, zero-day

Singapore’s critical infrastructure sectors, including energy, water, telecommunications, finance, and government services, are facing an active cyberattack from UNC3886, a sophisticated China-linked advanced persistent threat (APT) group renowned for leveraging zero-day exploits and custom malware. First identified by Mandiant in 2022, UNC3886 has been operational since at least 2021, with confirmed activities exploiting vulnerabilities in…
Scattered Spider targets VMware ESXi in using social engineering

Jul 28, 2025 2:27 PM

Tags: cybercrime, google, group, mandiant, social-engineering, software, usa, vmware

Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus, Muddled Libra, Octo Tempest, and UNC3944) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. According to Google’s Mandiant team, the group…
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

Jul 28, 2025 9:27 AM

Tags: attack, cybercrime, google, group, infrastructure, mandiant, phone, ransomware, software, tactics, vmware

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.”The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant team…
China-Based Threat Actor Involved In Microsoft SharePoint Attacks: Mandiant CTO

Jul 22, 2025 1:44 AM

Tags: attack, china, cloud, exploit, google, mandiant, microsoft, threat, vulnerability

Among the attackers now actively exploiting vulnerable on-premises Microsoft SharePoint servers, at least one has shown indications of originating from China, according to the assessment of researchers at Google Cloud-owned Mandiant. First seen on crn.com Jump to article: www.crn.com/news/security/2025/china-based-threat-actor-involved-in-microsoft-sharepoint-attacks-mandiant-cto
Ransomware actors target patched SonicWall SMA devices with rootkit

Jul 18, 2025 12:40 AM

Tags: access, attack, backdoor, control, credentials, exploit, flaw, incident response, malware, mandiant, network, password, ransomware, security-incident, startup, vpn, vulnerability

temp.db and persist.db, that store sensitive information, including user account credentials, session tokens, and OTP seed values.Although the flaw has been publicly documented and analyzed in detail by researchers as potentially leading to the exposure of admin credentials, GTIG and Mandiant don’t have evidence this is the flaw that was exploited. It is also possible…
Wiz Deal Highlights Google’s Multi-Cloud Security Strategy

Jul 17, 2025 6:40 PM

Tags: ai, cloud, detection, google, intelligence, mandiant, strategy, threat

COO Francis deSouza Explains Google Cloud’s Push for Unified Multi-Cloud Security. COO Francis deSouza shares insights into Google Cloud’s security priorities as it pursues the $32 billion acquisition of Wiz. He explains the need for seamless multi-cloud protection, the value of Mandiant’s threat intelligence, and how AI is changing threat detection and response at scale.…
iCounter Debuts With Mission to Defeat AI-Enabled Threats

Jul 16, 2025 2:40 PM

Tags: ai, attack, cyber, detection, intelligence, mandiant, risk, startup, threat

Startup Raises $30M, Uses Risk Intelligence to Preempt Reconnaissance Attacks. Former FireEye and Mandiant leader John Watters unveils iCounter, a new cyber risk intelligence startup focused on targeted attacks and AI-enabled adversaries. Backed by Syn Ventures, the firm aims to transform threat detection with deeper visibility into attacker reconnaissance. First seen on govinfosecurity.com Jump to…
Vulnerable Protection Relays Put Power Grid at Risk

Jul 2, 2025 10:34 PM

Tags: attack, google, hacker, mandiant, risk, vulnerability

Google’s Mandiant Warns About Remote Attacks Disrupting Grid Stability. Vulnerabilities in networked devices programmed to instantaneously trip power grid substation circuit breakers could be the means hackers use to cause the next blackout, warn researchers. There are systemic patterns across substations, utilities and industrial sites worldwide, Mandiant warned. First seen on govinfosecurity.com Jump to article:…
Scattered Spider nimmt Luftfahrtbranche ins Visier

Jun 30, 2025 5:33 PM

Tags: cyberattack, cybersecurity, finance, hacker, mandiant, mfa, network, password, phishing, ransomware, service, social-engineering, tool, vulnerability

Scattered Spider nutzt Social Engineering statt Brute Force um sich Zugang zu verschaffen.Die Cybersecurity-Anbieter Mandiant und Palo Alto Networks sowie das FBI warnen vor zunehmenden Cyberangriffen der Hackergruppe ‘Scattered Spider” auf den Luftfahrtsektor. Einen Name machte sich die Bande bereits unter anderem durch Angriffe auf die großen britischen Einzelhändler Marks&Spencer, Harrods sowie Co-op. Das FBI…
Why Are CISOs Prioritizing Snowflake Security? The Breach Playbook Has Changed.

Jun 26, 2025 6:36 PM

Tags: access, ai, attack, authentication, breach, ciso, credentials, data, defense, detection, exploit, finance, google, group, identity, insurance, intelligence, login, mandiant, monitoring, okta, risk, saas, social-engineering, theft, threat

In recent conversations with prospective customers, one request keeps rising to the top: “Can you monitor Snowflake?” At first, it felt like a coincidence. But over multiple engagements, that urgency isn’t random it reflects a deeper industry concern. Security leaders are increasingly prioritizing Snowflake as a high-risk, high-value SaaS application. And they’re right to. The…
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass

Jun 24, 2025 9:35 AM

Tags: attack, authentication, cloud, cyber, flaw, injection, mandiant, password, RedTeam, remote-code-execution, software, vulnerability

A Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller”, cloud networking software used to manage multi-cloud environments. The flaws enable full system compromise through an authentication bypass (CVE-2025-2171) followed by authenticated command injection (CVE-2025-2172). Authentication Bypass (CVE-2025-2171) The attack chain begins with a weak password reset mechanism. Attackers can brute-force 6-digit…
Mandiant finds more than 30 fake AI websites spreading malware

May 28, 2025 10:55 PM

Tags: ai, malware, mandiant

First seen on scworld.com Jump to article: www.scworld.com/news/mandiant-finds-more-than-30-fake-ai-websites-spreading-malware
Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers

May 28, 2025 7:55 PM

Tags: ai, defense, group, linkedin, malicious, mandiant, threat, tool

Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for… First seen on hackread.com Jump to article: hackread.com/fake-ai-video-tool-ads-facebook-linkedin-infostealers/
Threat Actors Weaponize Fake AI-Themed Websites to Deliver Python-based infostealers

May 28, 2025 4:55 PM

Tags: ai, cyber, defense, group, intelligence, malicious, malware, mandiant, threat

Mandiant Threat Defense has uncovered a malicious campaign orchestrated by the threat group UNC6032, which capitalizes on the global fascination with artificial intelligence (AI). Since at least mid-2024, UNC6032 has been deploying fake AI video generator websites to distribute malware, specifically targeting users through deceptive social media ads on platforms like Facebook and LinkedIn. These…
Google warns of Vietnam-based hackers using bogus AI video generators to spread malware

May 28, 2025 3:55 PM

Tags: ai, google, hacker, malware, mandiant, tool

Hackers likely based in Vietnam advertised websites offering AI-powered video generation tools, according to Google’s Mandiant unit, and then used the sites to spread infostealers and other malware. First seen on therecord.media Jump to article: therecord.media/malvertising-vietnam-hackers-fake-ai-video-generators
Fake AI Tools Lure Users in Year-Long Malware Campaign

May 27, 2025 10:54 PM

Tags: ai, google, intelligence, malware, mandiant, scam, threat, tool

Mandiant Says Malware Spread Through Fake AI Video Ads Seen by Millions. Online scammers are converting excitement over generative artificial intelligence into fraudulent sites that infect victims with malware, says threat intel firm Google Mandiant in a report exposing a year-long campaign to distribute infostealers and backdoors. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/fake-ai-tools-lure-users-in-year-long-malware-campaign-a-28494
Mandiant flags fake AI video generators laced with malware

May 27, 2025 10:54 PM

Tags: access, ai, backdoor, group, malware, mandiant, tool

A Vietnam-based group has spread thousands of advertisements, fake websites and social media posts promising access to popular prompt-to-video AI generation tools, delivering infostealers and backdoors instead. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-video-generator-malware-mandiant-unc5032-vietnam/
How CISOs can defend against Scattered Spider ransomware attacks

May 27, 2025 8:54 AM

Tags: access, antivirus, attack, backup, ciso, control, credentials, data, defense, detection, edr, exploit, google, group, guide, hacker, hacking, identity, infrastructure, Internet, Intruder, law, mandiant, mfa, network, password, phishing, phone, ransom, ransomware, social-engineering, tactics, threat, tool, vmware, vpn, zero-day

Significant shift to social engineering: Over the past two years, many Scattered Spider members have been arrested and even convicted, including one key member known as “King Bob,” who was arrested in early 2024 and later pleaded guilty to the charges against him. Six other significant Scattered Spider members were arrested in late 2024.Due to…
Let’s Talk About SaaS Risk Again”¦ This Time, Louder.

May 20, 2025 9:54 PM

Tags: access, ai, attack, breach, ceo, ciso, cloud, credentials, data, detection, email, endpoint, exploit, identity, infrastructure, malicious, mandiant, monitoring, network, north-korea, risk, saas, siem, software, supply-chain, threat, tool

By Kevin Hanes, CEO of Reveal Security A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter…
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

May 13, 2025 5:38 PM

Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day

Executive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
‘CISOs sprechen heute die Sprache des Business”

May 9, 2025 7:10 AM

Tags: ai, api, apt, breach, business, ceo, cio, ciso, cloud, container, cyberattack, cyersecurity, google, governance, jobs, malware, mandiant, office, oracle, risk, software, tool

Nick Godfrey, Leiter des Office of the CISO bei Google Cloud Google CloudAls Senior Director und Leiter des Office of the CISO bei Google Cloud ist es die Aufgabe von Nick Godfrey, das Unternehmen beim Austausch zwischen CISOs rund um die Themen Cloud und Security zu unterstützen. Godfrey, selbst ehemaliger Sicherheitsverantwortlicher bei einem Finanzdienstleister, leitet…
North Korean operatives have infiltrated hundreds of Fortune 500 companies

May 1, 2025 12:50 AM

Tags: cloud, country, google, mandiant, north-korea

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-workers-infiltrate-fortune-500/
Exploits still top entry point, says Mandiant report

Apr 30, 2025 9:50 PM

Tags: exploit, mandiant

First seen on scworld.com Jump to article: www.scworld.com/brief/exploits-still-top-entry-point-says-mandiant-report
Enterprise-specific zero-day exploits on the rise, Google warns

Apr 29, 2025 5:52 PM

Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day

Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
The state of intrusions: Stolen credentials and perimeter exploits on the rise, as phishing wanes

Apr 29, 2025 11:52 AM

Tags: access, apt, attack, authentication, awareness, backdoor, breach, business, china, cloud, control, corporate, credentials, crypto, cyber, cyberespionage, cybersecurity, data, email, espionage, exploit, extortion, finance, fraud, group, Hardware, incident response, infection, ivanti, jobs, law, lockbit, malicious, malware, mandiant, mfa, middle-east, mobile, network, north-korea, oracle, password, phishing, ransom, ransomware, RedTeam, russia, social-engineering, software, theft, threat, tool, training

Financial gains, data theft, dwell time: Of the intrusions Mandiant investigated in 2024, 35% were financially motivated, with ransomware alone representing 21% of all intrusions, according to the company’s data.Financial gains were realized via data theft for the purpose of extortion, cryptomining, cryptocurrency theft, business email compromise, and cases in which attackers monetized their access…