New reporting from CrowdStrike: WARP PANDA - This newly designated China-nexus adversary is deploying BRICKSTORM malware against vCenter servers and demonstrating deep familiarity with virtualized and cloud environments.
https://t.co/KSUrbyqIjC
🚨 PRC state-sponsored APT actors are using BRICKSTORM malware, a sophisticated backdoor, to target govt & #CriticalInfrastructure. Our 🆕 Malware Analysis Report, derived from an #IncidentResponse engagement, details IOCs & mitigation steps. Act now! https://t.co/SksUqLbhp0
Earlier this year, I worked one the most interesting and complex IRs of my career. The malware and techniques from that case turned out to be key TTPs observed in multiple subsequent UNC5221 cases!
https://t.co/5qcU47RTLt
Earlier this year, I worked one the most interesting and complex IRs of my career. The malware and techniques from that case turned out to be key TTPs observed in multiple subsequent UNC5221 cases!
https://t.co/5qcU47RTLt
🔥new blog detailing 0day exploitation of Ivanti appliances as well as newly observed malware families tracked as PHASEJAM and DRYHOOK. We also detail activity related to the previously observed SPAWN malware ecosystem tied to China nexus cluster UNC5337.
https://t.co/mK6ZSVeBQQ
Today, @Mandiant published #MTrends2024, the 15th edition of the report. This report has everything - Frontline Intel Metrics, Hot Zero-Day Summer, Attackers Living on the Edge, insights into☁Threats, evolution of 🎣...
Get your copy here: https://t.co/I8evQ5HeCl
Check out @Mandiant’s latest hardening and remediation guide for orgs impacted by the recent ConnectWise #ScreenConnect vulns (CVE-2024-1708 and CVE-2024-1709)
https://t.co/l1fDmvVSdl
Every single known Lockbit ransomware group website is either offline or displaying a seized by EUROPOL page.
It appears law enforcement has seized and/or taken down, at minimum, 22 Tor sites, in what is labeled 'Operation Cronos'.
🔥new @Mandiant blog off the press digging further into our findings from Ivanti CS exploitation. Part 2 covers some new malware families, more on ZIPLINE, updates to attribution, and a bit on mitigation bypassing and new post-ex TTPs. https://t.co/1a49PaYqcu
UNC4990 - The first malicious threat actor Mandiant has tracked that's based out of Italy - employs some tactics we haven't seen before.
https://t.co/kGJquyv2hv
The financially motivated threat actor tracked by Microsoft as Octo Tempest, whose evolving campaigns leverage tradecraft not seen in typical threat models, represents a growing concern for organizations. Get TTPs and protection info: https://t.co/YpGE33NaaN
🚨 NetScaler vulnerability CVE-2023-4966 is being actively exploited. It can lead to VDI session hijacking, including MFA bypass. There are no logs on the appliance to monitor for exploitation. Upgrade now and investigate your environment!
https://t.co/L51aQwO6Qk
#DFIR
Our blog on UNC3944, a threat actor involved in several recent attacks on the hospitality sector and other industries. Includes actor methods and mitigations. https://t.co/IeWV2eIWXw
🎯#Qakbot Botnet Takedown in Operation Duck Hunt!
💻 700,000 Victim Computers
💰 $8.6m in cryptocurrency seized by DOJ
💰 Qakbot has earned $58m in ransoms
🔒 Qakbot used by Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta ransomware groups
https://t.co/Bwg3W0kOSL
Today we launched a 🔎 scanning tool for orgs to search their Citrix netscalers for evidence of CVE-2023-3519 post-exploration. You can run this direct on the ADC or against a forensic image. With public POCs out there expect more exploitation!
https://t.co/Wiianjv8AX
#DFIR