Nick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into how they employ vishing techniques to social engineer organizations--both organically and using AI-powered voice cloning to mimic specific employees--during red team engagements. https://cloud.google.com/blog/topics/threat-intelligence/technical-analysis-vishing...
Jun 04, 2025•38 min
JP Glab (Mandiant Consulting) joins host Luke to discuss responding to activity from North Korean IT workers. He walks through what initially triggered the investigation at this organization, how it progressed in parallel with an HR investigation, and ultimately what was discovered. For more on the DPRK IT workers and trends in incident response, check out Mandiant's 2025 M-Trends report. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025
May 19, 2025•17 min
Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability https...
May 05, 2025•28 min
Host Luke McNamara is joined by GTIG Senior Security Researcher Rohit Nambiar to discuss Rohit's recent blog on some interesting usage of RDP by UNC5837. Rohit covers the discovery of the campaign, and the novel functionalities they were using to likely support cyber espionage goals. He delves into these findings and the usage of RemoteApps and victim file mapping via RDP, and closes with some of the mysteries that remain about this activity. https://cloud.google.com/blog/topics/threat-intellige...
Apr 14, 2025•34 min
Imran Ahmad (Senior Partner, Canadian Head of Technology and Canadian Co-Head of Cybersecurity and Data Privacy at Norton Rose Fulbright) joins host Luke McNamara to discuss how executives are thinking about cyber risk in a changing and evolving landscape. He touches on the importance of training before a breach, how ransomware has changed security conversations with boards, and the promise and risk of emerging technologies like AI play for enterprises.
Mar 10, 2025•36 min
Kelli Vanderlee, Kate Morgan, and Jamie Collier join host Luke McNamara to discuss trends that are top of mind for them in tracking emergent threats this year, from nation state intrusions to financially motivated ransomware campaigns. https://cloud.google.com/security/resources/cybersecurity-forecast https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat
Feb 28, 2025•45 min
Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's usage of cyber in Ukraine compares to previous phases of the conflict, how this activity is likely supporting battlefield operations, and how users of secure messaging applications can mitigate some of the risks associated with activity like this. https://cloud....
Feb 19, 2025•26 min
Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capabili...
Feb 05, 2025•27 min
Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more.
Dec 02, 2024•41 min
Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned. https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercise https://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf...
Oct 18, 2024•29 min
Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more. For more on this topic: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html https://blog.virustotal.com/2024/04/analyzing-malware-in-binaries-an...
Oct 04, 2024•37 min
Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary in the middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity with more features being added to phishing kits, and more.
Sep 26, 2024•27 min
Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG) to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and the nexus of this problem into the increasing rise of zero-day exploitation. For more on TAG's work on CSVs: https://blog.google/threat-analysis-group/state-backed-attackers-and-com...
Sep 04, 2024•24 min
Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros. For more on this topic, please see: https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/ https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42...
Jul 25, 2024•36 min
Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test these security controls protecting generative AI models in production, and then also employ AI within the security organization itself. For more, please see: https://cloud.google.com/security/solutions/mandiant-ai-consult...
Jun 27, 2024•32 min
Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023. They discuss living off the land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third party cloud compromise trends, and more. Will and Omar's talk at Google Next: https://www.youtube.com/watch?v=Fg13kGsN9ok&t=2s
Jun 03, 2024•30 min
Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders. For more, check out: https://cloud.google.com/blog/topics/threat-intelligence/china-...
May 22, 2024•30 min
Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played into the fol...
May 16, 2024•28 min
Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report. Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends
Apr 29, 2024•26 min
Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team and Jeremy Kennelly, Lead Analyst of the same team join host Luke McNamara to breakdown the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, and how changes in the makeup of various groups have played out in the threat landscape, why certain sectors see more targeting, and more.
Apr 11, 2024•41 min
Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more.
Mar 29, 2024•43 min
Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC) joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations, and more.
Mar 14, 2024•26 min
Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023
Feb 21, 2024•35 min
Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management, threat modeling, and more. For more on the work of Google Cloud's Office of the CISO: https://cloud.google.com/solutions/security/board-of-directors...
Feb 07, 2024•44 min
Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop
Jan 25, 2024•28 min
For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last year.
Jan 10, 2024•45 min
Doug Bienstock and Josh Madelay, Regional Leads for Mandiant Consulting, join host Luke McNamara to walk through some of the trends they have witnessed responding to breaches in 2023. Josh and Doug cover what is happening with business email compromise (BEC), common initial infection vectors, social engineering tactics, and more.
Dec 12, 2023•38 min
Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape, collaboration between the private sector and government, improving the talent gap in cyber, and ongoing DHS initiatives to foster greater cyber security. For more on the Department of Homeland Security and their work, please see: Cybersecurity | Homeland Security (dhs.gov) Shiel...
Oct 25, 2023•21 min
Host Luke McNamara is joined by Amitai Cohen, Attack Vector Intel Lead at Wiz to discuss trends in cloud security, managing risk, and more. For more on Wiz's research, please see: https://www.wiz.io/blog and https://www.wiz.io/crying-out-cloud
Oct 19, 2023•37 min
Host Luke McNamara is joined by Kristina Balaam, Staff Threat Researcher at Lookout, to discuss her work attributing two new mobile malware families to APT41. For more on Lookout's report on WyrmSpy and DragonEgg: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41 Follow Kristina on X @chmodxx_
Sep 20, 2023•33 min
