Threat Intelligence, Incident Response, TDR

Foreign attackers email phishy invoices to Mandiant CEO

The head of a firm, which uncovered major findings on China-based espionage efforts, realized he was the target of phishers in the country.

Kevin Mandia, CEO of Alexandria, Va.-based incident response and forensic firm Mandiant, recently shared the details of the ruse to Foreign Policy magazine. In a Monday article, the publication revealed that saboteurs were sending Mandia malicious emails designed to look like invoices from a limo company he frequently used.

“I've been receiving PDF invoices not from them, but from an [advanced hacking] group back in China; that's awesome,” Mandia reportedly said. The CEO discovered something was awry when he began receiving receipts on days he hadn't used the limo service.

Further investigation confirmed Mandia's suspicions – that the emails contained a malicious payload.

Related

Chinese cyberattacks escalated in 2024

Chinese state-sponsored threat operation Volt Typhoon, also known as Vanguard Panda, was regarded by CrowdStrike Senior Vice President of Counter Adversary Operations Adam Meyers to be among the more concerning China-linked threats after pre-positioning itself in U.S. critical infrastructure networks last year.

Clickjacking protections evaded by novel exploit

Attacks using DoubleClickJacking commence with visits to a malicious site redirecting to a new tab or window without any user interaction, which will be followed by a CAPTCHA verification triggering a double-click that prompts the exploitation of the JavaScript Window Location object.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BackdoorBotnetBrute ForceComputer Emergency Response Team (CERT)Covert ChannelsDeepfakeDefacementDenial of ServiceDistributed ScansDomain Hijacking

You can skip this ad in 5 seconds