DESTRUCTIVE CAMPAIGNS AGAINST UKRAINIAN ENTITIES UNCOVERED
Mandiant anticipated Russia would continue to conduct destructive and disruptive cyber attacks in support of its invasion of Ukraine.
To mitigate risk, Mandiant Managed Defense initiated a Community Protection Event to notify customers of the increased threat level and of the proactive measures Mandiant had taken to protect them against emerging threats. Among the potential targets of these emerging threats are the government, financial services, energy and utilities, media and entertainment, and transportation sectors.
In January 2022, Managed Defense discovered a spear-phishing campaign targeting European diplomatic organizations. The phishing emails deployed the BEATDROP downloader to download and run Cobalt Strike BEACON in memory. Mandiant associates this activity with APT29, which has targeted a wide range of European and North American governments and international organizations.
In March 2022, Managed Defense responded to the successful exploitation of an Exchange Server at a Ukrainian entity. Exploitation of the vulnerability led to the deployment of a webshell and the attempted deployment of the NEARTWIST wiper, also known as IsaacWiper. Managed Defense worked with the targeted entity to respond to the incident and contain the affected hosts to prevent malware deployment.