2f5a413d-3da5-4459-ad40-201452fd2b8d

Trending Evil

DESTRUCTIVE CAMPAIGNS AGAINST UKRAINIAN ENTITIES UNCOVERED

Mandiant anticipated Russia would continue to conduct destructive and disruptive cyber attacks in support of its invasion of Ukraine.

To mitigate risk, Mandiant Managed Defense initiated a Community Protection Event to notify customers of the increased threat level and proactive measures taken by Mandiant to protect them against emerging threats. Among the potential targets of these emerging threats are government, financial services, energy and utilities, media and entertainment, and transportation sectors.

In January 2022, Managed Defense discovered a spear-phishing campaign targeting European diplomatic organizations. The phishing emails deployed the BEATDROP downloader to download and run CobaltStrike BEACON in-memory. Mandiant associates this activity to APT29, which has targeted a wide range of European and North American governments and international organizations.

In March 2022, Managed Defense responded to the successful exploitation of an Exchange Server at a Ukrainian entity. Exploitation of the vulnerability led to the deployment of a webshell and attempted deployment of the NEARTWIST wiper, also known as IsaacWiper. Managed Defense worked with the targeted entity to respond and contain the affected hosts to prevent malware deployment.


By requesting this resource you agree to our terms of use. All data is protected by our Privacy Notice.

By submitting this form, you are confirming you are an adult of 18 years or older and you agree to Mandiant contacting you with marketing-related emails or by telephone. You may unsubscribe at any time. Mandiant websites and communications are subject to their Privacy Notice.