Joe (@jinx_soda)'s Twitter Profile
Joe

@jinx_soda

#AdvancedPractices Threat Analysis 🦅 @Mandiant
Tweets are my own

ID: 764330902184951808

13-08-2016 05:21:02

277 Tweets

560 Followers

487 Following

Mandiant (part of Google Cloud) (@mandiant)

🚨 China-nexus espionage actors increasingly utilize scalable "ORB networks" to evade detection. Learn how these networks function and how defenders should respond in our latest blog post: bit.ly/4bOUuJ4 #Cybersecurity #CyberEspionage #Mandiant

Mandiant (part of Google Cloud) (@mandiant)

UNC3944 Evolving Tactics Exposed! Our new blog dives deep into UNC3944's recent SaaS attacks, analyzing their changing methods and goals. Read now: bit.ly/3x5WC0l #Cybersecurity #ThreatIntelligence #UNC3944

Jared Wilson (@jwilsonsecurity)

🔥New APT41 Methodologies 🔥 While DUSTTRAP was really interesting, analyzing the methodologies observed alongside SQLULDR2 and PINEGROVE was fascinating. Both families highlight very specific methodologies worth hunting for. Check the blog for details! cloud.google.com/blog/topics/th…

Josh++ (@josh_murchie)

Happy to get this out the door: cloud.google.com/blog/topics/th… Big thanks to queen basic ⊛ Joe @nicastronaut and the other named and unnamed authors. A few highlights ⬇️

queen basic ⊛ (@onfvp)

New Mandiant (part of Google Cloud) blog on UNC4393, the primary user of BASTA. ✨ TTP shifts post-QAKBOT takedown, particularly regarding initial access. ✨ Increased custom malware, though LOTL & commodity tools still prevalent. 🔥 Josh++ Joe @nicastronaut cloud.google.com/blog/topics/th…

queen basic ⊛ (@onfvp)

✨ A ton of IOCs and detections were included in the to help defenders. ✨ Nifty VT collection: virustotal.com/gui/collection…

Steve Stone (@stonepwn3000)

Great writeup on UNC4393--the author list got my initial read, the campaign list kept me to the end, but REALLY loved the transparency on where the observables came from (screenshot below).
Mandiant (part of Google Cloud) (@mandiant)

🚨 Check out our latest blog post on #UNC4393. Mandiant first identified this group in mid-2022, and we've tracked over 40 intrusions across 20 industries. Discover their evolving tactics, including a shift from available tools to custom malware → bit.ly/3A3DbpP

billy leonard (@billyleonard)

🆕🚨 analysis from Google on APT42 activity against 🇺🇸 and 🇮🇱. A ton of work from folks over the past few months dedicated to protecting users, disrupting campaigns, and making life hard for the actors. More to come! blog.google/threat-analysi…

Gigs @ Shmoo (@gigs_security)

“Malware distribution groups are tricky to look at as a collective, so let’s narrow it down to some of my *least* favorites…” See ya next week, mWISE Conference 🫶🏼 #mWISE2024

Joe (@jinx_soda)

DPRK's UNC5267 operations have expanded greatly over the past few years. It is essential to be proactive and detect them in your environment. These operations directly fund North Korea by diverting the paychecks they obtain back to the regime. cloud.google.com/blog/topics/th…

Moritz (@m_r_tz)

Great technical post on LummaC2 obfuscation and how to deobfuscate samples through symbolic backward slicing: cloud.google.com/blog/topics/th… 🫸🫷 Chuong Dong and Nino!

Mandiant (part of Google Cloud) (@mandiant)

🚨 Breaking: A zero-day vulnerability (CVE-2024-47575) has been observed impacting Fortinet FortiManager devices, posing serious risks. Learn how the exploit works, and how to defend against the threat. Read more -> bit.ly/4hbqmuR #ThreatIntelligence

John (@big_bad_w0lf_)

🔥new blog detailing 0day exploitation of Ivanti appliances as well as newly observed malware families tracked as PHASEJAM and DRYHOOK. We also detail activity related to the previously observed SPAWN malware ecosystem tied to China nexus cluster UNC5337. cloud.google.com/blog/topics/th…