Back
#156
January 22, 2024

EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive

Guest:

Topics:

Cloud IR and Forensics Threat Intelligence
29:29

Subscribe at Google Podcasts.

Subscribe at Spotify.

Subscribe at Apple Podcasts.

Subscribe at YouTube

Topics covered:

  • Could you give us a brief overview of what this power disruption incident was about?
  • This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here?
  • We also saw a wiper used to hide forensics, is that common these days?
  • Did the attacker risk tipping their hand about upcoming physical attacks? If we’d seen this intrusion earlier, might we have understood the attacker’s next moves?
  • How did your team establish robust attribution in this case, and how they do it in general? How sure are we, really? 
  • Could you share how this came about and maybe some of the highlights in our relationship helping defend that country?

Do you have something cool to share? Some questions? Let us know:

View more episodes