January 22, 2024

EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive



Cloud IR and Forensics Threat Intelligence

Topics covered:

  • Could you give us a brief overview of what this power disruption incident was about?
  • This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here?
  • We also saw a wiper used to hide forensics; is that common these days?
  • Did the attacker risk tipping their hand about upcoming physical attacks? If we’d seen this intrusion earlier, might we have understood the attacker’s next moves?
  • How did your team establish robust attribution in this case, and how do they do it in general? How sure are we, really?
  • Could you share how this came about and maybe some of the highlights in our relationship helping defend that country?

