Mandiant

@Mandiant

Followers
124,815
Following
4,334
Media
3,497
Statuses
9,026
@Mandiant
Mandiant
4 months
As you likely noticed, yesterday, Mandiant lost control of this X account which had 2FA enabled. Currently, there are no indications of malicious activity beyond the impacted X account, which is back under our control. We'll share our investigation findings once concluded.
84
251
1K
@Mandiant
Mandiant
2 years
We are excited to announce that we've signed an agreement to join the @GoogleCloud family — bringing together some of the best minds in security! Read more here:
21
346
943
@Mandiant
Mandiant
2 years
Google completed its acquisition of Mandiant today. We’re excited to get started on our shared mission to create a comprehensive and best-in-class cyber security solution for customers and partners. Read more here:
9
233
598
@Mandiant
Mandiant
4 months
We have finished our investigation into last week's Mandiant X account takeover and determined it was likely a brute force password attack, limited to this single account.
90
147
546
@Mandiant
Mandiant
10 years
Mandiant @ RSA USA 2014: Who, What, Where & When #RSA #DFIR #InfoSec http://t.co/BPiXGMtluo
10
156
413
@Mandiant
Mandiant
2 years
New: North Korea has taken a page out of China's cyber playbook to reorganize and consolidate its threat groups within the government - making them “extremely mobile now that they’ve consolidated.” Here's a first look at their new org structure 👇
2
165
341
@Mandiant
Mandiant
9 months
Mandiant Intelligence has been tracking several ways in which Chinese cyber espionage activity has increasingly leveraged initial access and post-compromise strategies intended to minimize opportunities for detection. Learn more in our analysis:
1
129
311
@Mandiant
Mandiant
2 years
Linux is becoming a prime target as it is used as the operating system for basic household items up to critical infrastructure. View our latest white paper for guidance on protecting Linux endpoints against malware and destructive attacks. ➡️
5
119
306
@Mandiant
Mandiant
2 years
Listen to this week’s #ThreatTrends episode feat. Mandiant’s Yihao Lim who joined to discuss the trends he sees in the threat landscape in APJ and how organizations in the region are approaching security. 🎧:
7
17
258
@Mandiant
Mandiant
2 years
Today, the Mandiant Threat Intelligence team shared that it assesses with high confidence that #UNC1151 is linked to the Belarusian govt & that Belarus is likely at least partially responsible for the Ghostwriter IO campaign. Read more on our blog:
3
127
254
@Mandiant
Mandiant
3 months
Mandiant and VMware Product Security found that UNC3886 has been exploiting CVE-2023-20867 since 2021. Mandiant recommends VMware users update to the latest version of vCenter to account for this vulnerability seeing exploitation in the wild. ⬇️
2
95
210
@Mandiant
Mandiant
2 years
Today, we announced the elevation of one of the longest-running financially-motivated threat clusters to FIN status, known as #FIN13. The group is unique in several ways, including in the fact they do not deploy #ransomware. Learn more ➡️
2
87
204
@Mandiant
Mandiant
2 years
Today we announced our strategic partnership with @CrowdStrike, which brings the power of CrowdStrike’s Falcon platform to Mandiant’s industry-leading services helping to protect customers from #cyberthreats. Learn more. ⬇️
4
60
193
@Mandiant
Mandiant
15 days
Mandiant reveals that a “hacktivist” persona created by APT44, has recently targeted & disrupted U.S. and Polish water utilities, as well as a French dam. Read more on our latest findings here: #Mandiant #APT44
2
96
196
@Mandiant
Mandiant
2 years
Based on the data released, there are no indications that Mandiant data has been disclosed. Rather the actor appears to be trying to disprove our June 2nd, 2022 research on UNC2165 and LockBit. We stand behind the findings of this research.
2
69
169
@Mandiant
Mandiant
3 years
It’s time for our home race🏁! We are proud to provide @AlpineF1Team with confidence in their #cybersecurity as they take on the #USGP at Circuit of the Americas. Let’s go team, good luck!
2
22
163
@Mandiant
Mandiant
2 years
We've posted a new blog authored by Mandiant's Threat Intel team on how the Apache Log4j vulnerability impacts organizations, ways attackers have been leveraging it in the wild and our detailed mitigation recommendations. Read more here:
1
58
164
@Mandiant
Mandiant
2 years
In light of the crisis in Ukraine, Mandiant is preparing for Russian actors to carry out aggressive cyber activity against customers & the community. Read our whitepaper for guidance on how to protect against these sorts of destructive cyber attacks. ➡️
2
61
157
@Mandiant
Mandiant
11 months
UNC3886 has been exploiting a 0-day vulnerability in VMware ESXi hypervisors. See our latest blog for more on this group, as well as steps organizations can take to detect and respond to a newly exploited 0-day vulnerability in VMware ESXi hypervisors.
0
72
157
@Mandiant
Mandiant
3 years
Today we’ve released a white paper and investigative tool to help orgs detect, protect against, and respond to #UNC2452, the group behind the SUNBURST malware and supply chain attack. Check out the white paper:
0
77
157
@Mandiant
Mandiant
2 years
We have graduated UNC788 to APT status. #APT42 is a prolific & well-resourced threat actor likely operating on behalf of the Iranian Revolutionary Guard Corps. Read more on the group & listen to our latest #ThreatTrends episode to learn more.
1
65
149
@Mandiant
Mandiant
2 years
We have developed and launched The Mandiant Cyber Threat Intelligence Analyst Core Competencies Framework to help grow the pool of highly capable CTI practitioners. Read this blog post by @_John_Doyle to learn more. 👇
1
46
148
@Mandiant
Mandiant
3 years
. @FireEye has entered into a definitive agreement to sell the FireEye Products business, including the FireEye name, to Symphony Technology Group. This will separate FireEye’s products suite from Mandiant Solutions’ controls-agnostic software and services.
5
94
149
@Mandiant
Mandiant
1 month
🚀 Unveiling the new Threat Intelligence Blog! Explore hundreds of Mandiant reports, offering the same intelligence and same Mandiant expertise but now on a dedicated page. Read now: #ThreatIntelligence #Cybersecurity
1
50
147
@Mandiant
Mandiant
3 years
Everyone's heard of #CobaltStrike. But do you know how it works? Don't worry. @ramen0x3f has you covered. Read the blog post 👉
0
47
146
@Mandiant
Mandiant
4 months
As part of the Google Summer of Code project, our FLOSS malware analysis tool now supports the Go and Rust executables. Learn how to use FLOSS by reading our blog here #ReverseEngineering #Flare
4
49
143
@Mandiant
Mandiant
6 months
A new Mandiant investigation reveals what’s probably the first instance of an ICS attack that solely uses living off the land techniques. Read how Sandworm caused a power outage in Ukraine and why they could replicate a similar type of attack elsewhere:
2
72
136
@Mandiant
Mandiant
3 years
capa v3 has arrived! 🙌 With help from @IntezerLabs , the tool now recognizes ELF files. Learn more about the extended analysis and other improvements that come with the newest code and ruleset updates, in our latest blog.
1
59
135
@Mandiant
Mandiant
2 years
Our experts have gathered sufficient evidence to assess that the activity tracked as #UNC2452, the group name used to track the #SolarWinds compromise in December 2020, is attributable to #APT29. Learn more:
1
77
136
@Mandiant
Mandiant
4 months
Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected. We've made changes to our process to ensure this doesn't happen again.
15
22
132
@Mandiant
Mandiant
2 years
We have identified an ongoing IO campaign leveraging a network of at least 72 suspected inauthentic news sites & a number of suspected inauthentic social media assets to disseminate content strategically aligned w/ the political interests of the PRC. ➡️
1
70
125
@Mandiant
Mandiant
2 months
The Mandiant Managed Defense team has been working tirelessly to identify and combat the latest threats, and we're sharing our key observations from 2023 with you.👇 #Cybersecurity #ThreatIntelligence
1
42
129
@Mandiant
Mandiant
4 years
Yesterday we lost former teammate Joyce Lin, whose plane crashed while delivering COVID-19 tests in rural Indonesia. A founding member of the Intel Team, Joyce then followed a passion to give back, joining a nonprofit. Her generosity will be missed.
5
34
126
@Mandiant
Mandiant
1 year
In early 2022, Mandiant detected & responded to an incident where #APT29 successfully phished a European diplomatic entity & ultimately abused the Windows Credential Roaming feature. Read the blog post for more on this research.👇
0
58
126
@Mandiant
Mandiant
2 years
This joint CSA provides details on rare #ICS focused malware that could be used to carry out serious cyber attacks against critical infrastructure. We appreciate acknowledgment for the hard work of our team in the report.
2
39
118
@Mandiant
Mandiant
2 years
We are kicking off the week by releasing free tools on GitHub that help companies generate rules to systematically hunt for deserialization exploits, as well as other types of 0-day exploits. For more, read the blog post by Alyssa Rahman (@ramen0x3f). 👉
2
35
116
@Mandiant
Mandiant
3 years
Ready. Set. Go! 🚦 We are thrilled to announce our strategic partnership with @AlpineF1Team to help protect data across racing operations so they can continue to push the boundaries of technology and innovation both on and off the track. 👉 Read more:
0
15
115
@Mandiant
Mandiant
2 years
The #MTrends 2022 report is here! Download your copy today to get our insights from the frontlines of #cybersecurity
0
54
116
@Mandiant
Mandiant
3 months
Our Managed Defense team identified a threat actor, UNC4990, who uses USB devices for initial attacks. They have moved from using seemingly benign encoded text files to hosting payloads on popular websites. Read more: #Malware #ManagedDefense
3
44
113
@Mandiant
Mandiant
3 years
Every industry has defining moments. The APT1 report that came out 8 years ago today is one of those moments for #infosec. Watch the actual APT1 attacker sessions and intrusion activities in the video below. ▶️ Read the APT1 report:
2
46
112
@Mandiant
Mandiant
3 years
We have been engaged by @TMobile to help them become more resilient to future cyber threats, drawing from Mandiant’s global front line experience helping orgs respond to security incidents.
0
33
112
@Mandiant
Mandiant
3 years
We’ve recently responded to several incidents involving compromises of Pulse Secure VPN appliances. Our blog post examines multiple related techniques for bypassing single & multifactor authentication on the appliances. Review the techniques here:
0
58
111
@Mandiant
Mandiant
3 years
Congrats to everyone who participated in #FLAREOn8! 👏 Check out our blog post for more on this year's contest & read the detailed solutions by each challenge author >>
2
30
108
@Mandiant
Mandiant
3 years
📣 New UNC group alert: UNC1945 📣 We've observed this group compromise telecommunication companies as well as target financial and professional consulting industries through third-party networks. Learn more about their #TTPs:
0
38
104
@Mandiant
Mandiant
2 months
We are pleased to share the Cyber Threat Intelligence Program Maturity Assessment. This web-based Intelligence Capability Discovery (ICD) will help commercial and governmental organizations evaluate the maturity (cont)
1
27
105
@Mandiant
Mandiant
3 years
“We need to see more law enforcement disruptions of these #ransomware attacks if we want to change their behavior.” - Christopher Krebs addressing attendees at #CyberDefenseSummit
1
23
100
@Mandiant
Mandiant
4 months
Check out our initial findings on zero-day exploitation of Ivanti appliances by a suspected APT. 👇 We share details on five malware families related to the exploitation, as well as IOCs, YARA rules, and more for defenders to stay ahead of the threat.
4
38
103
@Mandiant
Mandiant
6 months
Congratulations to the 219 Flare-On Challenge finishers! With 4,767 registered users, this is the most difficult challenge we’ve ever produced. Interested in learning more about the 13 challenges? Check out the solutions from the authors themselves. #Flare
0
38
104
@Mandiant
Mandiant
7 years
Tweet media one
1
92
98
@Mandiant
Mandiant
2 months
In the latest release of capa v7, we have integrated capa with Ghidra, bringing capa’s detection capabilities directly to Ghidra’s user interface. Read our latest blog to integrate your Ghidra workflows: #Flare #ReverseEngineering
0
37
101
@Mandiant
Mandiant
8 months
Announcing the 10th annual Flare-On Challenge, launching on Sept. 29, 2023! The challenge is designed for the world’s best reverse engineers to test their skills through difficult puzzles, featuring a retro-computing challenge involving PDP-11. #flareon10
0
29
101
@Mandiant
Mandiant
2 years
Responding to Western sanctions, Russia is likely to tap actors including Sandworm, UNC2589, UNC3715, and potentially TEMP.Isotope, for response, escalation, and possible destructive actions:
2
61
99
@Mandiant
Mandiant
2 years
Today we published new research showing how #APT29, the threat group behind the #SolarWinds attack, is using new tactics and actively targeting Microsoft 365. Read more. ⤵️
2
35
97
@Mandiant
Mandiant
3 years
Today we've completed the sale of the FireEye Products business. We want to take a moment to acknowledge & honor the incredible work our former colleagues delivered for Mandiant & our customers, and to wish them well as they move forward under Bryan Palma’s capable leadership.
0
21
92
@Mandiant
Mandiant
2 years
We've published a blog post on our analysis of the INCONTROLLER framework, covering how new state-sponsored cyber attack tools target multiple industrial control systems. Thanks to @SchneiderElec & our partners for their contribution. Full post 👇 #ICS
0
60
89
@Mandiant
Mandiant
1 year
Run, don't walk. Listen to our latest #ThreatTrends episode feat. Mandiant's Joe Dobson & Michael Barnhart on #DPRK threat groups & a view of the threat landscape in the region. They also chat about the tactics actors are using to target #cryptocurrency.
8
20
83
@Mandiant
Mandiant
2 years
How can your security team benefit from increased external visibility? Hear from our experts on how Mandiant Advantage Attack Surface Management helps automate external asset discovery & reconnaissance efforts. Register today!
3
3
85
@Mandiant
Mandiant
2 years
Mandiant has published a new report outlining new activities & tactics carried out by a threat actor we are associating w/ the #SolarWinds supply chain attack. Read more in our latest blog post.
0
26
87
@Mandiant
Mandiant
2 years
“We’re celebrating the start. It’s not the finish line," said our CEO, Kevin Mandia, speaking to Mandiant employees in an all company town hall called to discuss the close of Google's acquisition of the firm. Read his blog here 👇
6
27
79
@Mandiant
Mandiant
2 years
🔔 🔔 🔔 The Nasdaq Closing Bell has been rung with the help of Mandiant leadership. Many thanks to @Nasdaq for inviting us to celebrate $MNDT.
2
7
84
@Mandiant
Mandiant
4 years
This week’s Twitter hack showed that it's possible for foreign threat actors to hijack media accounts & spread disinformation right before the U.S. election. Read more of @JohnHultquist’s thoughts. via @SangerNYT, @nicoleperlroth, & @NYTnickc at @nytimes
4
55
75
@Mandiant
Mandiant
3 years
Today, we disclosed a critical risk vulnerability in coordination with @CISAgov that affects millions of IoT devices using the ThroughTek “Kalay” network. Read more about it in our new blog post ⤵️
1
42
82
@Mandiant
Mandiant
3 months
Through our extensive experience responding to some of the world's most impactful threats, we found six critical tasks that organizations should implement to effectively mitigate cyber risk. #CyberSnapshot #DefendersAdvantage
2
24
78
@Mandiant
Mandiant
3 years
We've refocused to be as agile and powerful as possible to defend you against cyber attacks. We are Mandiant.
2
27
74
@Mandiant
Mandiant
3 years
We've observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. ▶️
1
42
76
@Mandiant
Mandiant
2 years
Here is @JumpforJoyce with insights on what the #cybersecurity industry should be prepping for in 2023. Stay tuned for much more from our Mandiant Cyber Security Forecast 2023 report, dropping next Wednesday, November 2.
9
15
74
@Mandiant
Mandiant
2 years
In July 2022, Mandiant Managed Defense identified a novel spear phish methodology employed by a threat cluster tracked as UNC4034. Read our blog to learn more. ⬇️
0
26
75
@Mandiant
Mandiant
4 years
Check out a few suggestions that can help you analyze most types of #data with #MicrosoftExcel , which will allow you to develop an efficient way to analyze important evidence. >> Read more in our blog:
1
24
75
@Mandiant
Mandiant
1 year
🚨 New research alert! Mandiant has observed a new espionage operation targeting #Ukraine . We suspect this activity is being conducted by the Russian #cyberespionage group, Turla Team. Read the blog to learn more. ⬇️
0
43
76
@Mandiant
Mandiant
1 month
In 2023, we teamed up with @Google’s Threat Analysis Group (TAG) to track down 97 zero-day vulnerabilities. Our findings: 61 hit end user platforms, 36 targeted enterprise tech. Read the report! #Cybersecurity #ZeroDayVulnerabilities #ThreatAnalysis
0
21
74
@Mandiant
Mandiant
2 years
We found suspected Russian cyber actors used evacuation & humanitarian documents as #spearphishing lures against Ukrainian entities. Read details on those campaigns, including new #malware found, & the suspected threat actors behind it here:
@CNMF_CyberAlert
USCYBERCOM Cybersecurity Alert
2 years
🇺🇦🇺🇸Ukrainian partners are actively sharing malicious activity with us to bolster collective cybersecurity, as we share w/them. Thanks to close collaboration with @servicessu, we are disclosing IOCs associated w/malware recently found in Ukrainian networks
22
241
571
2
45
74
@Mandiant
Mandiant
2 years
Our annual Flare-On Challenge is back! This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. Read more about #FlareOn9, which begins Sept. 30 at 8pm ET. 👇
2
32
74
@Mandiant
Mandiant
3 years
We identified 3 #zeroday vulnerabilities with Managed Defense in SonicWall’s Email Security (ES) product. The vulns were being exploited in the wild to obtain admin access and code execution on a SonicWall ES device. Learn more in our blog post:
1
48
71
@Mandiant
Mandiant
3 years
While things like our corporate name and $MNDT ticker symbol on @Nasdaq may be new, the cyber security and peace of mind we provide are as strong as ever.
14
9
68
@Mandiant
Mandiant
1 year
APT43 | North Korea is gaining intelligence on international negotiations, sanctions policy, foreign relations, and domestic politics using this cyber operator. Download the Mandiant APT43 report to learn more:
0
38
70
@Mandiant
Mandiant
2 years
Trello? Is it #APT29 you’re looking for? Our researchers have discovered two new malware families being used by APT29 in spear phishing campaigns to obtain diplomatic and foreign policy information from governments around the world. More here ⤵️
1
33
71
@Mandiant
Mandiant
2 years
Flare-On is back! 🙌 This year's challenge will feature a total of 11 challenges featuring a variety of formats including Windows, JavaScript, .NET, Python, and even Motorola 68k Macintosh. Read more about #FlareOn9, which begins Sept. 30 @ 8pm ET.
2
37
72
@Mandiant
Mandiant
1 year
Mandiant identified 55 zero-day vulnerabilities exploited in 2022 which represents a 200% increase compared to 2020.
0
37
67
@Mandiant
Mandiant
2 years
Our FLARE team has released the Ghidrathon extension, which adds Python 3 scripting capabilities to Ghidra that tightly integrates with Ghidra's UI. Read our latest blog post to learn more. ⤵️
0
26
66
@Mandiant
Mandiant
1 month
Dive into our latest blog on APT29's use of WINELOADER to target German political parties. Learn about tactics, impacts, and defense strategies. Read the analysis: #Cybersecurity #ThreatIntel #APT29
0
20
67
@Mandiant
Mandiant
3 years
Get excited! #FLAREOn8 kicks off this Friday 8PM ET/5 PM PT at flare-on[dot]com. This year’s contest will consist of 10 challenges and feature a variety of formats, including Windows, Linux, and JavaScript. Learn more:
2
32
68
@Mandiant
Mandiant
2 years
It’s race day! Team Mandiant is excited to see @AlpineF1Team at the starting line at the #BritishGP.
1
1
63
@Mandiant
Mandiant
1 year
We're dropping our next #ThreatTrends episode a bit early this week! Tune in to hear from @gabby_roncone, @Big_Bad_W0lf_ & @tylabs on the Russian cyber activity related to #Ukraine Mandiant has been tracking over the last year. 🎧:
2
22
61
@Mandiant
Mandiant
2 years
It was an honor to join @Nasdaq’s Closing Bell ceremony today as we celebrate our listing as $MNDT. If you missed the event, you still can watch it at
0
5
63
@Mandiant
Mandiant
14 days
🚨 Explore the rising threat of cyberattacks leveraging System Center Configuration Manager (SCCM) in our newest blog post. Gain expert insights and learn how to protect your organization. Read now: #Cybersecurity #SCCM
1
21
63
@Mandiant
Mandiant
9 months
We just released an Indicators of Compromise Scanner that is designed to help organizations scan their Citrix appliances for evidence of post-exploitation activity related to CVE-2023-3519. Learn more about this tool and download it today: #ZeroDayThreat
2
32
62
@Mandiant
Mandiant
6 years
THREAD: We want to be clear that Mandiant did not & does not employ "hack back" techniques and have written a blog that goes into more detail: (1/n)
2
55
61
@Mandiant
Mandiant
1 month
In collaboration with @Google's Threat Analysis Group (TAG), we've released a comprehensive report on #zerodayvulnerabilities observed in 2023, offering insights and recommendations for cybersecurity professionals. Stay ahead of threats: #Cybersecurity
1
24
63
@Mandiant
Mandiant
8 months
Our latest blog, Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter: dives into the realm of local file-based escalation attacks which can allow them to delete files on Windows system. Read the full blog here:
0
14
61
@Mandiant
Mandiant
2 years
Today we are pleased to announce a new strategic alliance with @SentinelOne to help organizations reduce the risk of data breaches and strengthen their ability to mitigate cyber threats. Read more:
3
14
63
@Mandiant
Mandiant
1 year
Cyber Security Forecast 2023 is out! To help improve overall preparedness, we've tapped leaders & experts across Mandiant for perspective, including our Head of Global intelligence @JumpforJoyce and also @philvenables, CISO @Google Cloud. Read more here ⤵️
0
19
59
@Mandiant
Mandiant
4 years
Mandiant Advantage has entered the chat.
3
24
58
@Mandiant
Mandiant
2 years
Today we published new research on a unique #malware ecosystem that was found deployed on VMware hypervisors & guest systems by an advanced & suspected espionage threat actor. Read our blog to learn more about the threat:
2
28
59
@Mandiant
Mandiant
2 years
It's another great day for a race. Good luck to @AlpineF1Team at the #JapaneseGP!
0
0
60
@Mandiant
Mandiant
1 year
M-Trends 2023 is live! Download the 14th edition of Mandiant’s unique analysis of today’s cyber threat landscape today. #MTrends #Cybersecurity
2
38
59