Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation...
Read moreNew SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
March 4 2021Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. ...
Read moreContinuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this...
Read moreSo Unchill: Melting UNC2198 ICEDID to Ransomware Operations
February 25 2021Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye ...
Read moreSo Unchill: Melting UNC2198 ICEDID to Ransomware Operations
February 25 2021Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye ...
Read moreCyber Criminals Exploit Accellion FTA for Data Theft and Extortion
February 22 2021Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered...
Read moreCyber Criminals Exploit Accellion FTA for Data Theft and Extortion
February 22 2021Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered...
Read moreShining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)
February 17 2021In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we...
Read moreShining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
February 17 2021In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged ...
Read moreShining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)
February 17 2021In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we...
Read more
Recent Comments