Mandiant (part of Google Cloud)
@mandiant.com
We’re determined to make organizations secure against cyber threats and confident in their readiness.
The Cybersecurity Forecast 2026 report is here!
Based on insights from dozens of Google security leaders and experts, the report helps organizations feel prepared for the year ahead.
Read some key highlights, and then download the full report for a deeper look: cloud.google.com/security/res...
Based on insights from dozens of Google security leaders and experts, the report helps organizations feel prepared for the year ahead.
Read some key highlights, and then download the full report for a deeper look: cloud.google.com/security/res...
November 12, 2025 at 5:00 PM
The Cybersecurity Forecast 2026 report is here!
Based on insights from dozens of Google security leaders and experts, the report helps organizations feel prepared for the year ahead.
Read some key highlights, and then download the full report for a deeper look: cloud.google.com/security/res...
Based on insights from dozens of Google security leaders and experts, the report helps organizations feel prepared for the year ahead.
Read some key highlights, and then download the full report for a deeper look: cloud.google.com/security/res...
Our insights on the widespread Oracle E-Business Suite zero-day exploitation:
✔️ Breakdown and analysis of the campaign
✔️ Deep dive into threat actor’s multi-stage, in-memory Java implant framework
✔️ Recommendations, IOCs, and more for defenders
Read now: cloud.google.com/blog/topics/...
✔️ Breakdown and analysis of the campaign
✔️ Deep dive into threat actor’s multi-stage, in-memory Java implant framework
✔️ Recommendations, IOCs, and more for defenders
Read now: cloud.google.com/blog/topics/...
October 10, 2025 at 3:38 PM
Our insights on the widespread Oracle E-Business Suite zero-day exploitation:
✔️ Breakdown and analysis of the campaign
✔️ Deep dive into threat actor’s multi-stage, in-memory Java implant framework
✔️ Recommendations, IOCs, and more for defenders
Read now: cloud.google.com/blog/topics/...
✔️ Breakdown and analysis of the campaign
✔️ Deep dive into threat actor’s multi-stage, in-memory Java implant framework
✔️ Recommendations, IOCs, and more for defenders
Read now: cloud.google.com/blog/topics/...
BRICKSTORM malware is being used by suspected China-nexus actor, UNC5221, in a stealthy espionage campaign.
-Avg dwell time: 393 days
-Targets: US legal, SaaS, BPOs & tech firms
We have released a scanner, IOCs, and guidance to help defenders.
Full analysis here: bit.ly/4pT3pku
-Avg dwell time: 393 days
-Targets: US legal, SaaS, BPOs & tech firms
We have released a scanner, IOCs, and guidance to help defenders.
Full analysis here: bit.ly/4pT3pku
September 24, 2025 at 7:12 PM
BRICKSTORM malware is being used by suspected China-nexus actor, UNC5221, in a stealthy espionage campaign.
-Avg dwell time: 393 days
-Targets: US legal, SaaS, BPOs & tech firms
We have released a scanner, IOCs, and guidance to help defenders.
Full analysis here: bit.ly/4pT3pku
-Avg dwell time: 393 days
-Targets: US legal, SaaS, BPOs & tech firms
We have released a scanner, IOCs, and guidance to help defenders.
Full analysis here: bit.ly/4pT3pku
🚨 APT41 is using malware, TOUGHPROGRESS, that leverages Google Calendar for command and control.
Learn more about the campaign and how GTIG helped disrupt it. Additionally, leverage our included YARA rules, hashes and other IOCs to help defend against this threat: cloud.google.com/blog/topics/...
Learn more about the campaign and how GTIG helped disrupt it. Additionally, leverage our included YARA rules, hashes and other IOCs to help defend against this threat: cloud.google.com/blog/topics/...
June 3, 2025 at 6:57 PM
🚨 APT41 is using malware, TOUGHPROGRESS, that leverages Google Calendar for command and control.
Learn more about the campaign and how GTIG helped disrupt it. Additionally, leverage our included YARA rules, hashes and other IOCs to help defend against this threat: cloud.google.com/blog/topics/...
Learn more about the campaign and how GTIG helped disrupt it. Additionally, leverage our included YARA rules, hashes and other IOCs to help defend against this threat: cloud.google.com/blog/topics/...
UNC3944 (Scattered Spider) is a financially-motivated threat actor known for persistent and brazen social engineering, including targeting help desks.
Our guidance can help organizations defend against the UNC3944 tactics we have observed when responding to this group.
Stay ahead ➡️ bit.ly/3EXHvtE
Our guidance can help organizations defend against the UNC3944 tactics we have observed when responding to this group.
Stay ahead ➡️ bit.ly/3EXHvtE
May 7, 2025 at 2:25 PM
UNC3944 (Scattered Spider) is a financially-motivated threat actor known for persistent and brazen social engineering, including targeting help desks.
Our guidance can help organizations defend against the UNC3944 tactics we have observed when responding to this group.
Stay ahead ➡️ bit.ly/3EXHvtE
Our guidance can help organizations defend against the UNC3944 tactics we have observed when responding to this group.
Stay ahead ➡️ bit.ly/3EXHvtE
We tracked 75 zero-days exploited in the wild in 2024.
Zero-day use is steadily increasing, notably for espionage. We see more focus on enterprise technologies, over 60% of which were security and networking products.
Read the report for metrics, trends and more: cloud.google.com/blog/topics/...
Zero-day use is steadily increasing, notably for espionage. We see more focus on enterprise technologies, over 60% of which were security and networking products.
Read the report for metrics, trends and more: cloud.google.com/blog/topics/...
April 30, 2025 at 8:13 PM
We tracked 75 zero-days exploited in the wild in 2024.
Zero-day use is steadily increasing, notably for espionage. We see more focus on enterprise technologies, over 60% of which were security and networking products.
Read the report for metrics, trends and more: cloud.google.com/blog/topics/...
Zero-day use is steadily increasing, notably for espionage. We see more focus on enterprise technologies, over 60% of which were security and networking products.
Read the report for metrics, trends and more: cloud.google.com/blog/topics/...
M-Trends 2025 is here!
Get data from our investigations, including top initial infection vectors and targeted industries, and dive deep into trends such as rising infostealer use and the DPRK insider threat. We also share recommendations to stay ahead.
Read now: cloud.google.com/security/res...
Get data from our investigations, including top initial infection vectors and targeted industries, and dive deep into trends such as rising infostealer use and the DPRK insider threat. We also share recommendations to stay ahead.
Read now: cloud.google.com/security/res...
April 23, 2025 at 7:40 PM
M-Trends 2025 is here!
Get data from our investigations, including top initial infection vectors and targeted industries, and dive deep into trends such as rising infostealer use and the DPRK insider threat. We also share recommendations to stay ahead.
Read now: cloud.google.com/security/res...
Get data from our investigations, including top initial infection vectors and targeted industries, and dive deep into trends such as rising infostealer use and the DPRK insider threat. We also share recommendations to stay ahead.
Read now: cloud.google.com/security/res...