Matt Lin @mahlerware
incident response @google @mandiant United States Joined May 2019-
Tweets361
-
Followers249
-
Following694
-
Likes5K
Uncharmed: Untangling Iran's APT42 Operations | APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. cloud.google.com/blog/topics/th… @Mandiant
Iranian hackers from APT42 are impersonating journalists in social engineering campaign. Build rapport -> steal credentials -> bypass MFA -> access the victims’ cloud environments and steal data from OneDrive and Outlook emails.
Iranian hackers from APT42 are impersonating journalists in social engineering campaign. Build rapport -> steal credentials -> bypass MFA -> access the victims’ cloud environments and steal data from OneDrive and Outlook emails.
Great report from our brothers and sisters in arms at @Mandiant. I can deeply, DEEPLY corroborate the opening line. Attackers are investing in evasion and we're seeing that (and, sometimes, NOT seeing it) in @GreyNoiseIO.
Great report from our brothers and sisters in arms at @Mandiant. I can deeply, DEEPLY corroborate the opening line. Attackers are investing in evasion and we're seeing that (and, sometimes, NOT seeing it) in @GreyNoiseIO. https://t.co/ifI2aNClCC
In 2014, @JohnHultquist named a Russian hacking group "Sandworm". Today, Mandiant graduates it to APT44 & reveals the online persona they created, CyberArmyofRussia, disrupted U.S. and Polish water utilities, as well as a dam in France. Full report: services.google.com/fh/files/misc/…
As @taylorswift13 says, it’s been a long time coming
As @taylorswift13 says, it’s been a long time coming https://t.co/YSefmwKuum
This is a long time coming. 🇷🇺APT44: Unearthing Sandworm: services.google.com/fh/files/misc/…
Today, @Mandiant / @Google is opening up a Can o’ Sandworms. I’m incredibly proud to have led the year+ long effort with a brilliant group of colleagues to graduate Sandworm into APT44. cloud.google.com/blog/topics/th…
Dissect...I say eviscerate. Outstanding read.
In the latest blog post, #Mandiant experts dissect post-exploitation activities observed on vulnerable Ivanti Connect Secure appliances. Gain expert insights and recommendations. Read the blog: bit.ly/3PM1uxF #Cybersecurity #ThreatIntelligence
Another part of our reporting on Ivanti. This time I had a privilege to contribute to the blog. We analyzed a SPAWN malware ecosystem, which consists of a stealthy passive backdoor, a tunneler, clever log tampering utility and an installer. cloud.google.com/blog/topics/th…
Just when you thought we were done with Ivanti reporting 😎Lot of great information on the other clusters Mandiant is tracking as having taken an interest in exploitation of Connect Secure. cloud.google.com/blog/topics/th…
Attack Path diagrams are 🤌🤌🤌
Notably, this blog highlights multiple suspected China-nexus espionage clusters and their operations as well as multiple new malware families such as BRICKSTORM, TERRIBLETEA, and the SPAWN* family.
Latest Ivanti update from @Mandiant is now LIVE on the @googlecloud blog, covering case studies in post-exploitation activity and new custom malware families identified on compromised ICS appliances. cloud.google.com/blog/topics/th…
🔥 Hot 🔥 off the press, a new @Mandiant blog detailing several case studies of lateral movement / post-ex activity we’ve observed following successful exploitation of Ivanti CS appliances. cloud.google.com/blog/topics/th…
🪲And the 2023 Year in Review of Zero-Days Exploited In-the-Wild is out! This year I teamed up with @JaredSemrau & James from Mandiant to write a joint report combining our expertise and providing a more holistic view on in-the-wild 0-days in 2023 🔥🧐 blog.google/technology/saf…
I saw some incredible things this week @Mandiant Intel. You know who you are.
New blog post! Title: Covert TLS n-day backdoors: SparkCockpit & SparkTar | by NVISO Incident Response Link: wp.me/p84lDr-4w7 #Forensics #ReverseEngineering #CVE #Ivanti #PulseSecure
🚨 New joint advisory from @CISACyber, @FBI, and their Five Eyes partners including @CyberGovAu was just released on this threat which references @Mandiant's findings.
🚨 New joint advisory from @CISACyber, @FBI, and their Five Eyes partners including @CyberGovAu was just released on this threat which references @Mandiant's findings. https://t.co/0aNM7fNv60
🚨IMPORTANT: Protect your networks from threat actors exploiting Ivanti gateway vulns to achieve persistence. 🙏to all of our partners who collaborated on this important advisory, including @Volexity, @Mandiant, & @GoIvanti: go.dhs.gov/Jeg
Jana Kwilosz @kwilos_ja
13 Followers 3K Following
MikeWavada @WavadaMike
220 Followers 3K Following Cyber specialist specializing in Imposter Syndrome. Former USMC. Currently with Prestige Worldwide. Likes Nickelback.
Remi Alstott @r_alst
80 Followers 5K Following
Ferne Helmen @FerneHelme95229
49 Followers 5K Following
Sisart @Sisart227619
0 Followers 165 Following
Edna @ednadotolo72
164 Followers 3K Following
perfect4sec @perfect4sec
517 Followers 4K Following DFIR | Threat Intelligence | Malware Analyst | Researcher | Mexican Cybersecurity Defender Team 🇲🇽 #MXCSDT
Aamina Flaa @AaminaFlaa14887
58 Followers 5K Following
Cataleya Aguada @catale_agua
37 Followers 5K Following
Bobby Waiden @WaideBobb
47 Followers 5K Following
Melissa Stanish @StaniMelis
35 Followers 5K Following
Alice 🍌 @Alice_Kealy576
10 Followers 437 Following Lеt's еsсapе thе ordinаrу and hаvе sоmе аdult fun!
Tiffany Hughes @TiffanyHug70433
0 Followers 492 Following
Titus Cobb @CobbTitus5199
10 Followers 771 Following
Fannie Acevedo @fannie93694
95 Followers 5K Following
Aiza Sulloway @sulloway76303
77 Followers 5K Following
Xanthe Ven @XantheVen60840
78 Followers 5K Following
md-ir-ap @ansari_response
197 Followers 224 Following 🦅🦅🦅 Mandiant Advanced Practices🦅🦅🦅 *opinions are my own and do not express the views or opinions of my employer
Josh Stroschein | The.. @jstrosch
8K Followers 1K Following Reverse engineer at FLARE/@Google | @pluralsight author | 700K+ views on YT 😱 Find FREE resources below👇
💕 @futureBunnyCake
40 Followers 1K Following
chris! @burritosec
387 Followers 724 Following he/him 🏳️🌈 | cyber threat stuff | ex-GRC grouch, former MDR menace | my tweets are my opinions, my opinions are my own
Matt Caylor @beskardev
136 Followers 645 Following I’m just a simple man, trying to make his way through the InfoSec universe. Comments are mine alone & do not reflect official position of my employer.
Nicolaas @NicolaasDBvB
45 Followers 597 Following
JDE @0xf0c8e514
30 Followers 504 Following I like to broke computer stuff. Or save them. I don't know anymore.
Devin McLean @devinmclean
445 Followers 2K Following SOC & cyber infrastructure manager. I hunt the badness alongside my team. Father of 3. I like video games. Engineer at heart.
Steve YARA Synapse Mi.. @stvemillertime
15K Followers 1K Following cyber-physical intel @google writing & sharing on adversary tradecraft, dfir, malware, threat detection, ics/ot intel and all things #yara
AJ Vicens || @ajvicen.. @AJVicens
11K Followers 10K Following Senior Reporter, cybercrime, state-aligned threats @CyberScoopNews. Was @MotherJones, @UMKnightWallace Signal: ajvicens.57 (more: https://t.co/VC3mfeOaua)
yum, CISSP, CCSP, CEH.. @yum_yum_YB
127 Followers 1K Following
Karl Dolio @KarlD69375
79 Followers 5K Following
Majorie Hoff @HofMajori
45 Followers 5K Following
Sudokú @tripulody
27 Followers 226 Following "Sometimes it is just better to remain silent and smile."
🄲🅈🄱🄴🅁 .. @Cyber_Asia_
3K Followers 399 Following Follow us for the latest #cybersecurity news in Asia Pacific.
Irene 😳 @Irene9568
7 Followers 527 Following Lооking fоr somеоne whо саn mаtсh her desires аnd арреtitе
Andrew Morris @Andrew___Morris
20K Followers 3K Following 🔳 Internet listener. Founder/Chief Architect of GreyNoise Intelligence (@GreyNoiseIO)
The ComplianceAide @BlasikRandy
291 Followers 2K Following Founder of the ComplianceAide. We imitate all of the actions of a Cybersecurity compliance professional using a team of AI agents.
ɴᴇɴᴀᴅ @nvijatov
662 Followers 2K Following security architect | #cybersec #cloud #blueteam #azuresecurity | opinions are my own
fadz @daf_nalz
2 Followers 800 Following
Adrian Luca (infosec... @adrian__luca
685 Followers 2K Following Security Test & Threat intelligence Engineer @virusbtn
Andreas Sfakianakis /.. @asfakian
5K Followers 4K Following Tweets about Cyber Threat Intelligence | SANS #FOR578 Instructor | Speaker My tweets=my views. RTs ≠ endorsement. https://t.co/6zRhe2JRUj
aurora borealis @princessauroraj
536 Followers 3K Following infosec researcher @ SpyCloud LABS | ACD roller derby ❤️ Lois Pain | she/her
MikeWavada @WavadaMike
220 Followers 3K Following Cyber specialist specializing in Imposter Syndrome. Former USMC. Currently with Prestige Worldwide. Likes Nickelback.
Jeff Woolsey (also on.. @WSV_GUY
9K Followers 387 Following Principal Program Manager, Microsoft. Azure Stack HCI/Windows Server/Hybrid Cloud. He/Him. Tweets are mine and don't represent my company. 🇵🇦🇺🇸
Rocky Mountain Inform.. @The_RMISC
1K Followers 120 Following We are the premier Information Security conference in Colorado! Thank you to those who joined us on June 7-9, 2023! More info at https://t.co/24geTXrtNM.
waymon @obnoxious4n6
610 Followers 1K Following Senior Security Research Manager @Microsoft GHOST || tryin to navigate this cyber stuff || tweets == my own
780th Military Intell.. @780thC
32K Followers 549 Following Official Twitter page of the 780th MI Brigade (Cyber). The Army's only offensive cyberspace operations brigade (following, retweets and links ≠ endorsement).
cts🌸 @gf_256
52K Followers 625 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboy
Lindsey O'Donnell Wel.. @LindseyOD123
3K Followers 2K Following Executive editor at @DecipherSec. Previous @ThreatPost, @CRN, @Holy_cross, @DJNF alum Hit me up on Signal: lindseyodwelch.22
Lee Chagolla-Christen.. @tifkin_
13K Followers 812 Following I like making computers misbehave. Does stuff at https://t.co/YsrVyTjOY7. Mastodon: @[email protected]
Andrew Case @attrc
28K Followers 4K Following @Volatility Core developer, Dir. of Research @Volexity, @lsucyber, The Art Of Memory Forensics Co-Author
Maor Shwartz @malltos92
3K Followers 4K Following Help researchers, offensive cybersecurity companies and governments navigate the offensive cybersecurity industry
Josh Stroschein | The.. @jstrosch
8K Followers 1K Following Reverse engineer at FLARE/@Google | @pluralsight author | 700K+ views on YT 😱 Find FREE resources below👇
Łukasz @maldr0id
13K Followers 999 Following Military-grade @Android malware reverse engineer @Google || "Tom Brady of malware strings analysis" - @MalwareTech || Tweets are my own opinions || he/him ✨🌈🦄
chris! @burritosec
387 Followers 724 Following he/him 🏳️🌈 | cyber threat stuff | ex-GRC grouch, former MDR menace | my tweets are my opinions, my opinions are my own
JDE @0xf0c8e514
30 Followers 504 Following I like to broke computer stuff. Or save them. I don't know anymore.
Nicolaas @NicolaasDBvB
45 Followers 597 Following
Matt Caylor @beskardev
136 Followers 645 Following I’m just a simple man, trying to make his way through the InfoSec universe. Comments are mine alone & do not reflect official position of my employer.
Steve YARA Synapse Mi.. @stvemillertime
15K Followers 1K Following cyber-physical intel @google writing & sharing on adversary tradecraft, dfir, malware, threat detection, ics/ot intel and all things #yara
AJ Vicens || @ajvicen.. @AJVicens
11K Followers 10K Following Senior Reporter, cybercrime, state-aligned threats @CyberScoopNews. Was @MotherJones, @UMKnightWallace Signal: ajvicens.57 (more: https://t.co/VC3mfeOaua)
yum, CISSP, CCSP, CEH.. @yum_yum_YB
127 Followers 1K Following
EdTech Higher Ed @EdTech_HigherEd
39K Followers 3K Following Technology issues facing #highered IT leaders and educators. // Sponsored by CDW•G // Sign up for timely insights, free! https://t.co/kMPp8qcKHR
Stephen Sims @Steph3nSims
20K Followers 601 Following Perpetual Student | SANS Fellow | Musician | Braggart Hater | Gray Hat Hacking | VR | 🏂 | deadcode | https://t.co/CadJehomsU
TracingWoodgrains @tracewoodgrains
22K Followers 1K Following Storyteller. CFP @TheBARPod. Pursue excellence. Eng/中文
Max Rogers @MaxRogers5
3K Followers 1K Following Sr. Director, Security Operations Center @HuntressLabs | Ex-Mandiant/FireEye | Amateur Runner | Solving Cyber Security for Small & Mid-Sized Businesses
Katie Nickels @likethecoins
54K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
spotheplanet @spotheplanet
11K Followers 138 Following Hacking the planet at https://t.co/ifUgKQtEYV. Buy me a vinyl at https://t.co/SO41y55HJL
Kurtis Lin @kurtisjlin
4K Followers 408 Following Founder & CEO @pinwheelapi, scaled it from $0 to $500M. Sharing insights on building to $1B and beyond + how to stay fit along the way!
Tim Denning @Tim_Denning
51K Followers 89 Following Blogger with 1B+ views that made me 7+ figures | I’ll teach you how to build an audience and make money writing | Get my free email course below ↓
Ali Hadi | B!n@ry @binaryz0ne
29K Followers 567 Following DFIR and Adversary Simulation | DFIR @ ProtonMail | Perfect Stranger | Stronger Together |
Nicolas Cole 🚢 @Nicolascole77
181K Followers 619 Following I talk about digital writing, ghostwriting, and self-publishing. | Co-Founder Ship 30 for 30, Typeshare, Premium Ghostwriting Academy. | Author of 10 books.
Brian Baskin @bbaskin
7K Followers 853 Following Threat researcher, malware analysis, RE, incident response, with some old school forensics and CTFing. Apologetic ginger. These are my personal opinions
Martin Donath @squidfunk
4K Followers 206 Following Author of Material for MkDocs, one of the simplest and most popular Open Source solutions to create documentation for your project or a technical blog
NVISO Labs @NVISO_Labs
4K Followers 347 Following NVISO Labs is the research arm of @NVISOSecurity, focused on infosec research. This is where our lab rats share the results! 🐀
The ComplianceAide @BlasikRandy
291 Followers 2K Following Founder of the ComplianceAide. We imitate all of the actions of a Cybersecurity compliance professional using a team of AI agents.
Adrian Luca (infosec... @adrian__luca
685 Followers 2K Following Security Test & Threat intelligence Engineer @virusbtn
Leo @Itz_L30
946 Followers 969 Following Security Researcher | SOC Analyst #OSINT | #DFIR | #threatintel I know what you hide🤫
ɴᴇɴᴀᴅ @nvijatov
662 Followers 2K Following security architect | #cybersec #cloud #blueteam #azuresecurity | opinions are my own
Christian @THIR_Sec
408 Followers 735 Following 🏹 @SentinelOne | @SANS_EDU #MSISE Alum | Former @TheDFIRReport Contributor. Expressed opinions are my own.
Dillon Franke @dillon_franke
412 Followers 282 Following Hacker & Vulnerability Researcher @ Google/Mandiant
aurora borealis @princessauroraj
536 Followers 3K Following infosec researcher @ SpyCloud LABS | ACD roller derby ❤️ Lois Pain | she/her
Andreas Sfakianakis /.. @asfakian
5K Followers 4K Following Tweets about Cyber Threat Intelligence | SANS #FOR578 Instructor | Speaker My tweets=my views. RTs ≠ endorsement. https://t.co/6zRhe2JRUj
Decipher @DecipherSec
4K Followers 419 Following Security without fear. Decipher delivers journalism on information security and privacy that informs, educates and inspires. Editors: @DennisF & @lindseyOD123.
Jake Knowlton @j2k3k
2K Followers 2K Following @Mandiant | Board member at @VeteranSec | https://t.co/6nviinvBUQ | tweets are my own | Ask me why I hate Andrew Northern
Patch ALL teh things we constantly tell CISOs and CIOs. Thing is, let's be honest with each other right? we can't and this graph is telling. Patching is a pain, we get it and we do need to revolutionise the approach. Two years ago, @LargeCardinal wrote a phenomenal paper
thinking about when we deployed an initial test sensor in the islamic republic of ir*n and ran apt-get update and it came back with a certificate error
Live look at the Mandiant DPRK team right now ic3.gov/Media/News/202…
This dmarc abuse campaign is popping off rn. Can check your domain out here mxtoolbox.com/dmarc.aspx. Also shout out to all the IT staffs that told the victims and us “it’s fine”. Smh
Actions have consequences. "a reminder to ransomware actors everywhere: we will track you down and bring you to justice" justice.gov/opa/pr/sodinok…
Iranian hackers from APT42 are impersonating journalists in social engineering campaign. Build rapport -> steal credentials -> bypass MFA -> access the victims’ cloud environments and steal data from OneDrive and Outlook emails.
Uncharmed: Untangling Iran's APT42 Operations | Google Cloud Blog cloud.google.com/blog/topics/th…
Wake up @SLEUTHCON swag dropped
Our product is 🤌🏻 Don’t miss the opportunity to attend #SLEUTHCON! Register now at sleuthcon.com.
Uncharmed: Untangling Iran's APT42 Operations | APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. cloud.google.com/blog/topics/th… @Mandiant
His smoke too tough. His swag too different.
Mets fan removed from $1 hot dog night after fans throw wieners at him in wild scene trib.al/GzOvRq9
The Terraform fork is off to a good start.
OpenTofu 1.7.0 is now available! The headline features: 🔐 Client-side state encryption (finally!!) 🛠️ Provider-defined functions 🔄 for_each on import blocks 🗑️ Declarative remove blocks The best open source IaC tool is getting better! 🎉
PLEASE RT: IMPORTANT Folks, we are making security changes in Windows Server 2025 such as in Active Directory, File Servers, SMB to name a few. We’ve been messaging these changes, but in case you missed them, this thread is for you.
Mystery guest alert! Get ready for some surprises at RMISC 2024! 🕵️♂️ Here's a clue: Our special guests are none other than Canon Hall of Fame Winners! 📚 We can’t wait to share the news! 🎟️Register today! iplanit.swoogo.com/rmisc2024 @Denver_ISACA @ISSA_Denver
for all my 19 year old cs major followers it's time to learn chinese buddy
Finally got around to reading thru more of the @Mandiant M-Trends report and this graphic felt like reading a diary of my life in 2023
As #malware continues to challenge analysts, so we checked how Gemini 1.5 Pro could help and found that: 🔎 Results were accurate, even with a zero-detection @virustotal sample ⏱️ It produced an accurate analysis in less than a minute Learn more: bit.ly/3WjINFq
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Trends for United States
You might like
