Mandiant

December 18, 2023

Malvertising Campaign by UNC2975 Found Distributing Backdoors

A threat actor known as UNC2975 has been using malicious advertisements to distribute malware since 2021. They create fake websites related to topics like unclaimed money and astrology to trick users into visiting them.

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hosts

Chinese cyber espionage group UNC3886 has been observed developing and deploying malware on systems such as network appliances, SAN arrays, and VMware ESXi hosts that do not generally support Endpoint Detection and Response (EDR) solutions.

New Russia-Linked ICS Malware 'COSMICENERGY' can Cause Cyber-Physical Disruption

The malware can create disruptions in the electrical power supply by interacting with IEC 60870-5-104 (IEC-104) devices. These devices, including RTUs, are widely used in electric transmission and distribution in Europe, the Middle East, and Asia.

Hacktivists Increasingly Claim Targeting of OT Systems

False claims are at times challenging to debunk. However, despite the inaccuracy of most claims, when hacktivist activity targeting OT becomes commonplace, the likelihood of actual and even substantial OT incidents increases.

Zero-Day Exploitation in 2022 Continued at an Elevated Pace

Mandiant researchers tracked 55 zero-day vulnerabilities that they judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020.

Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government

Threat activity tracked as UNC4166 likely trojanized and distributed malicious Windows operating system installers. The installers drop malware that conducts reconnaissance and, on some victims, deploys additional capability to carry out data theft.

Russia's APT29 Abuses Windows Feature to Compromise European Diplomatic Entity

During the short timespan that APT29 was determined to be active inside the victim network, Mandiant observed numerous LDAP queries with atypical properties performed against the Active Directory system.

Caffeine Phishing-as-a-Service Platform Offers Open Registration and Customer Service Support for Attackers

This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns.

September 27, 2022

Researchers Identify Three Hacktivist Groups Supporting Russian Interests

Although some of these groups are almost certainly operating independently of the Russian state, Mandiant identified multiple hacktivist groups whose moderators are suspected to be either a front for, or operating in coordination with, the Russian state.

September 7, 2022

New Iran-linked APT42 group deploys Android spyware for cyberespionage

Mandiant has collected enough evidence to determine that APT42 is a state-sponsored threat actor who engages in cyberespionage against individuals and organizations of particular interest to the Iranian government.
