The Defender's Advantage Podcast

In this episode, Ryan Tomcik, Emiel Haeghebaert, and Tufail Ahmed joins host Luke McNamara to discuss their blog post detailing their investigation on the activity of UNC3313. The group details the collaboration between their respective teams at Mandiant to detect and respond to an intrusion by the threat actor.Read their blog post, “Left on Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity,” at https://www.mandiant.com/resources/telegram-malware-iranian-espionage

In this episode, Mandiant Principal Analyst Cristiana Brafman Kittner joins host Luke McNamara to discuss the potential cyber threats to the 2022 Winter Olympic Games. The conversation delves into cyber incidents attached to previous games as well as what we could see this year at the games being held in Beijing.

Host Luke McNamara is joined by Michelle Cantos, John Doyle, and James Sadowski to discuss the role of contractors in cyber network exploitation (CNE) and other cyber operations. For further reading on this topic for Mandiant Advantage and MA Free users, please see  “She Doesn’t Even Go Here: The Role of Contractors in the Cyber Landscape” at https://advantage.mandiant.com/reports/21-00013849. Register today for Mandiant Threat Intelligence Free. 

For our last episode of the year, Mandiant CEO Kevin Mandia joins host Luke McNamara for a year in review of 2021. The discussion includes a look back at the SolarWinds incident one year later as well as look forward to 2022 with the three things that are top of his mind going into the New Year. Additionally, Kevin touches on the future of Mandiant and the Mandiant Advantage platform.

Columbia University researcher Jason Healey joins host Luke McNamara to discuss how cyber policy has evolved over the years, the dynamics of cyber conflict, and more. In particular, this conversation delves into the risks of escalation in a crisis, how norms may (and may not) shape such conflicts, and changing the role between defense and attack. 

Jake Knowlton, Andy Schmidt, and Paul Shaver join host Luke McNamara to discuss making the transition from the military to working in cyber security. Jake, Andy, and Paul share their perspectives and how they became involved in this field, some of the challenges veterans might face, and how veterans can position their prior experience for roles in infosec. For more on Mandiant’s partnership with VetSec, please see this blog post: https://www.mandiant.com/resources/mandiant-collaborating-with-vetsec-to-train-us-service-members-veterans 

Jared Semrau and James Sadowski join host Luke McNamara to discuss some of their teams’ research this year into the rise of observed 0-days and other exploitation trends. They cover how the vulnerability landscape has evolved over the years, what has made 2021 stand out so far, and how the nature of threat activity—particularly the growth of ransomware—has shifted the makeup of actors in this space. For Mandiant Advantage users, please see related reporting mentioned in this episode: Patch Me If You Can: Analyzing Trends in Time to Exploit (Q1 2020 Through Q1 2021)Shut the Front Door: VPN Vulnerability Exploitation Trends, January 2019 – June 2021

While the broader discussion of cyber-related incidents, events, and trends are contributed to by many different types of organizations and individuals, journalists play an important role in furthering our collective understanding of this space. Journalist Kim Zetter joins host Luke McNamara on Eye on Security to share her perspective in covering cybersecurity as a journalist. Kim discusses how the cybersecurity beat has evolved over the years, where she gathers information to write stories, and some of the themes she sees in the current conversation about cybersecurity issues. 

For the launch of Mandiant’s most newly graduated threat group, FIN12, Kimberly Goody (Director, Financial Crime Analysis) and Josh Shilko (Principal Technical Analyst, Financial Crime Analysis) join Eye on Security to discuss this actor. They cover this group’s TTPs and targets, where they fit into the ransomware ecosystem, and what makes this particular threat actor unique in the landscape.  

Host Luke McNamara is joined by Eli Fox and Michael Barnhart, both Senior Analysts at Mandiant, to discuss some of their work tracking various North Korean threat clusters. Michael and Eli share their perspectives on the continuously changing landscape of DPRK threat actors, some of the challenges in tracking them, and how information from defectors augments the technical data in their analysis. They share several stories of recent campaigns and delve into where some of these threats may be headed next.