Mandiant Archives

North Korean operatives have infiltrated hundreds of Fortune 500 companies

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s…

3 days ago By Matt Kapko

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025

The vulnerability threat intelligence firm’s research reinforces a slew of recent reports warning about increased exploits in 2024.

Apr 24, 2025 By Matt Kapko

The four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and routers. (Getty Images)

Attackers hit security device defects hard in 2024

Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network…

Apr 23, 2025 By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER/AFP via Getty Images)

China-backed espionage group hits Ivanti customers again

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

Apr 3, 2025 By Matt Kapko

New zero-day exploit targets Ivanti VPN product

After Ivanti detected the activity, Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group.

Jan 9, 2025 By Matt Bracken

Clop is back to wreak havoc via vulnerable file-transfer software

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware…

Dec 17, 2024 By Greg Otto

Court indicts 14 North Korean IT workers tied to $88 million in illicit gains

It’s part of a broader effort to counter Pyongyang’s use of tech professionals to fool U.S. companies and nonprofits.

Dec 12, 2024 By Tim Starks

Tankers from the 33rd separate mechanized brigade of the Ukrainian Ground Forces fire with a Leopard 2A4 tank during a field training at an undisclosed location in Ukraine on Oct. 27. (Photo by Genya SAVILOV / AFP)

Suspected Russian hacking, influence operations take aim at Ukrainian military recruiting

Google’s Threat Analysis Group and Mandiant said one group is behind the hybrid campaign that takes aim at both recruits and broader recruiting efforts.

Oct 28, 2024 By Tim Starks

Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images)

Fortinet warns of active campaign exploiting bug in FortiManager products

At least 50 organizations have been hit by the campaign, Fortinet and Mandiant say, and federal agencies are on the hook to patch.

Oct 24, 2024 By Christian Vasquez