News


ALPHV ransomware targets old Veritas backup vulnerabilities

According to Mandiant, a ransomware affiliate of ALPHV is increasingly looking for old vulnerabilities in Veritas backup installations. The vulnerabilities have been known since 2021, but many installations have still not been patched. Over 8.500 backup instances can currently be found exposed on the internet. Mandiant has observed a new ALPHV ransomware affiliate (a.k.a. BlackCat ransomware), tracked as UNC4466, targeting public-facing Veritas Backup Exec installations that are vulnerable to CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878. These CVEs have been known since March 2021 and patches are available. However, some administrators have the…


KRITIS: Outlook zero-day vulnerability exploited for months
B2B Cyber Security ShortNews

Mandiant experts believe that the Outlook zero-day vulnerability (CVE-2023-23397) has been used in attacks on organizations and critical infrastructure (KRITIS) for almost 12 months and was also used by Russian actors in attacks on Ukraine. Mandiant has tracked and documented early exploitation of the vulnerability under the tentative group name UNC4697. The attacks have now been publicly attributed to APT28, a Russian actor associated with the GRU intelligence service. The vulnerability has been used against government agencies, logistics companies, oil and gas operators, defense contractors, and the transport industry in Poland, Ukraine, Romania, and Turkey since April 2022. Outlook vulnerability…


Chinese cyber attackers target zero-day vulnerabilities
B2B Cyber Security ShortNews

Newly discovered zero-day vulnerabilities are often exploited by individual APT groups. According to Mandiant, Chinese cyberattackers are targeting more and more zero-day vulnerabilities. The report documents the role of the groups and the vulnerabilities exploited. Mandiant's new Fortinet vulnerability report reveals that routers and internet-connected devices on corporate networks are inadequately protected against cyberattacks; there are simply not enough tools to protect these systems.

Chinese spies at work

Suspected Chinese spies exploited a zero-day vulnerability with a new type of malware designed specifically for network security devices. Even devices used by government and…


Cyber Security decisions without background knowledge

According to a survey, organizations in Germany lack background knowledge about the different hacker groups and their procedures, and making use of existing threat intelligence is a challenge in many organizations. Mandiant's Global Perceptions on Threat Intelligence report provides insight into how organizations are addressing the increasingly complex threat landscape. The report is based on a global survey of 1.350 cybersecurity decision-makers in 13 countries, including 100 in Germany, and 18 industries, including financial services, healthcare and government agencies. 40 percent of respondents from organizations in Germany stated that their organization in the…


APT Group Lazarus: North Korea captured $630 million

According to a UN expert report, North Korea captured a record amount of money in 2022 through cyber attacks by the APT group Lazarus. North Korean cybercriminals are believed to have stolen at least $630 million. The sanctioned country uses the money mainly to finance its nuclear and missile programs. The state-backed group Lazarus, among others, is held responsible for the cyber attacks. In public reporting, "Lazarus Group" is often used as a generic term for numerous North Korean cyber actors. A blog post by Mandiant provides detailed insights into the various institutions within the hermit state and helps to understand how...


Commentary on current cyber attacks
B2B Cyber Security ShortNews

After the decision in Berlin to send Leopard 2 tanks to Ukraine, numerous German websites were taken down by cyber attacks. The pro-Russian, self-proclaimed hacktivist group KillNet claimed responsibility for the attacks. “This type of response in cyberspace comes as no surprise; it is to be expected. For years, Mandiant has tracked several self-proclaimed hacktivist groups that support Russian interests or act out of a perceived patriotic duty. We believe with moderate confidence that the KillNet and XakNet groups have historically coordinated some of their activities directly and have ties to the GRU. These groups…


Cyber Security Forecast 2023

Mandiant, part of Google Cloud, releases its Cyber Security Forecast for 2023. The forecasts are based on developments that experts on the cyber front line have observed over the past few months and which they believe will also shape the coming year. According to the experts, in 2023 Europe will focus primarily on cyber operations connected to the energy crisis and the Russian war of aggression, as well as ransomware attacks and the threat posed by the "Big Four": Iran, Russia, North Korea and China.

Cyber Security Forecast 2023: Forecasts for EMEA

Russia expands its targets in…


Breach Analytics for Google Cloud Chronicle

Mandiant announces the Mandiant Breach Analytics offering for Google Cloud Chronicle. Mandiant Breach Analytics combines Mandiant's industry-leading threat intelligence with the power of Google Cloud's Chronicle Security Operations suite. The offering is SaaS-based and leverages threat intelligence gathered from Mandiant's "cyber front line" incident response operations. Customers can use it to quickly identify indicators of compromise (IOCs) and reduce the impact of an attack.

Attackers average 21 days in the victim's network

Attackers are becoming increasingly sophisticated and aggressive in their tactics, targeting businesses…


Microsoft 365 targeted by Russian hacker group APT29

New Mandiant research into the Russian hacker group APT29, the group behind the 2021 SolarWinds attack, shows that the attackers are adopting new tactics and continue to actively target Microsoft 365. APT29 has also been observed re-targeting previous victims, particularly those with influence over or close ties to NATO countries. This shows that the attackers are persistent, aggressive and highly dedicated to further developing their technical skills.

Focus on Operational Security

APT29 continues to demonstrate exceptional operational security and evasive tactics. In addition to using residential proxies as the final hop into victim environments…


Chinese disinformation campaign with HaiEnergy

New research from Mandiant reveals a Chinese disinformation campaign, which Mandiant has named "HaiEnergy". The campaign distributes content on fake news sites. In addition to websites in North America, Europe, the Middle East and Asia, the campaign also uses many social media accounts that are strategically aligned with the political interests of the People's Republic of China. The HaiEnergy campaign uses 72 websites posing as independent news outlets and publishing content in 11 languages. Mandiant analysts believe these websites are linked to the Chinese PR firm Shanghai Haixun Technology Co. HaiEnergy:…
