Get ready for a unique, immersive security experience at #GoogleCloudNEXT in Las Vegas! Don’t miss out, register today: https://bit.ly/4hvfs1H
We’re determined to make organizations secure against cyber threats and confident in their readiness. Experience the same trusted cybersecurity solutions, now from Google Cloud.
1600 Amphitheatre Pkwy
US,California,Mountain View,94043
In mid-2024, we discovered custom backdoors deployed on Juniper Networks’ Junos OS routers. The backdoors had varying custom capabilities, including active and passive backdoor functions, and an embedded script that disables logging mechanisms on the target device. We ultimately attributed the backdoors to China-nexus espionage group UNC3886. We recommend that organizations upgrade their Juniper devices to the latest images released by Juniper Networks, which include mitigations and updated signatures for the Juniper Malware Removal Tool (JMRT). Organizations should run the JMRT Quick Scan and Integrity Check after the upgrade. Learn about the full story in our latest blog post, along with recommendations, IOCs and detections to help defend against the threat: https://bit.ly/3XNuk4y #malware #threatintelligence
Ever wondered how Google does security? As part of our “How Google Does It” series, we’ll share insights, observations, and top tips about how Google approaches some of today's most pressing security topics, challenges, and concerns — straight from Google experts. In this edition, Stefan Friedli, one of Google's staff security engineers and a global lead for the Red Team, dives into the critical role the Google Red Team plays in helping to defend Google, and shares some insights into what makes our approach unique. Read more: https://bit.ly/3Fpr89e #cybersecurity #redteam #threatintelligence
Our latest blog post presents an in-depth exploration of Microsoft's Time Travel Debugging (TTD) framework, a powerful record-and-replay debugging framework for Windows user-mode applications. We examine specific challenges, provide historical context, and analyze real-world emulation bugs, highlighting the critical importance of accuracy and ongoing improvement to ensure the effectiveness and reliability of investigative tooling. Ultimately, addressing these emulation issues directly benefits users by enhancing security analyses, improving reliability, and ensuring greater confidence in their debugging and investigative processes. Get the full details: https://bit.ly/4iHIsEw #Cybersecurity #debugging #malware
In our day-to-day work, our FLARE team often encounters Go-based malware protected by garble, a tool that strips binaries, mangles function names, and encrypts strings, making static analysis a major challenge. One of the biggest hurdles? String encryption. To cut through this complexity, we’ve broken down garble’s transformations and built a tool to automate the process. Introducing GoStringUngarbler, a Python command-line tool that automatically decrypts strings found in garble-obfuscated Go binaries. By recovering plaintext strings and restoring them in the binary, GoStringUngarbler speeds up malware classification, detection, and reverse engineering. https://bit.ly/3DpXOi9 #ThreatIntelligence #GoMalware
Don't miss us with Google Cloud at SecureWorld Boston! Stop by Booth 605 to learn how AI-powered security can transform your cyber defenses. Register today: https://bit.ly/4kvitBS #SecureWorld #cybersecurity #AI #AIsecurity #infosec
Calling all security pros! Test your knowledge, learn new techniques, and compete for prizes in our Capture the Flag challenge at Next 2025! This hands-on cybersecurity experience puts you in a threat hunt, merging real-world data from Cybersecurity and Infrastructure Security Agency (CISA) advisories, ransom notes, and the dark web into a simulated investigation. Navigate through clues, analyze evidence, and solve puzzles using Google Threat Intelligence. Are you up for the challenge? Register today: https://bit.ly/3DoP2AX #GoogleCloudNEXT25 #CyberSecurity #ThreatHunting #ThreatIntel
The North Korean regime has long been involved in cyber operations to advance strategic goals. Recent tactics involve using fake identities and resumes, and even deepfake-assisted interviews to get hired as remote IT workers. Google Threat Intelligence Group (GTIG) continues to investigate the North Korean IT worker threat, observing a global expansion beyond the U.S., notably in Europe and Asia. They’re using their corporate access for data theft and to enable cyberattacks, and to ultimately generate revenue for the regime. The North Korean IT worker threat poses a serious challenge for HR and security teams. Read our latest report to understand the full scale of this threat, and how businesses can defend against it. https://bit.ly/3F6GE9R #Cybersecurity #ThreatIntelligence
Mandiant has observed several new highly sophisticated macOS malware variants in the past year. Many of these malware variants are compiled for x86-64 architecture, likely due to broader compatibility and relaxed execution policies compared to ARM64 binaries. Analysis of AOT files, combined with FSEvents and Unified Logs (with a custom profile), can assist in investigating macOS intrusions. Dive deeper in the full blog post → https://bit.ly/4btjhDk
How does Google use threat intelligence to uncover and track financial cybercrime? Go behind the scenes with Kimberly Goody from Google Threat Intelligence Group to see how raw intelligence is gathered and turned into actionable insights. Learn more: https://bit.ly/4h8lRQt #GoogleThreatIntelligence #ThreatIntelligence