Trending Evil provides insight into the latest threats observed by Mandiant Managed Defense. The Trending Evil Q1 2022 report focuses on the ongoing impact of the Log4j/Log4Shell vulnerability and the proliferation of financially motivated attacks.
30 attack campaigns exploiting the Log4j vulnerability (CVE-2021-44228) are currently being monitored, including activity by state attacker groups allegedly controlled by China and Iran. During the reporting period, Mandiant Managed Defense detected eleven different malware families used to exploit the Log4j/Log4Shell vulnerability.
Trending Evil Q1 2022: The findings at a glance
Additionally, Managed Defense observed numerous financially motivated attacks that distributed malicious code via fake websites or email phishing campaigns. Phishing campaigns conducted by a financially motivated threat group that Mandiant tracks as UNC2500 show ever-changing tactics, techniques, and methods. However, the results of the compromises remain the same: ransomware, data theft, and extortion.
Managed Defense also observed activity by APT41, a Chinese state-controlled espionage group whose members also engage in financially motivated after-hours activities for personal gain.
The report highlights five malware families active in technology, government, education, finance, healthcare and real estate. The full report with all the details can be downloaded online for free.
More at Mandiant.com
About Mandiant
Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.