Knowing about a potential cyberattack early can be the difference between a minor incident and a significant crisis. At Mandiant, a part of Google Cloud, we are committed to proactively protecting the global community through our Victim Notification Program. This initiative leverages our unparalleled threat intelligence and incident response expertise to directly inform organizations when we identify a potential compromise, empowering them to take swift action.
Mandiant’s mission is to make organizations secure against cyber threats and confident in their readiness, whether they are a customer or not. We believe that sharing timely and actionable threat intelligence is a crucial step in achieving this goal. Our Victim Notification Program embodies this commitment by providing critical information to potential victims, free of charge.
As part of Google Cloud, Mandiant's Victim Notification Program is strengthened by the vast resources and intelligence of the Google Threat Intelligence Group. This powerful combination allows us to identify and notify potential victims with even greater accuracy and speed. Mandiant has performed over 10,000 notifications since the program's inception, helping countless organizations mitigate potential cyber threats.
If you have received a notification from Mandiant about a possible breach, it means our threat intelligence indicates your organization may have been compromised. Our team undertakes this work on a best effort basis to notify the community as early as possible, giving you the best chance to remediate a problem before it gets worse.
Verify the communication: To ensure the notification is legitimate, you can contact us at VN@mandiant.com.
Validate the threat intelligence: Review the shared information and validate our findings.
Consider next steps: Depending on the intelligence, remediation may involve your regular IT security workflows. In some cases, the information may suggest a larger compromise requiring a forensic investigation.
We are available to meet and speak with you, regardless of your status as a Mandiant client, to help you understand our findings and discuss recommended actions tailored to your situation.
Our notification details originate from a variety of sources, leveraging the extensive capabilities of the Google Threat Intelligence Group, Mandiant Incident Response, and Mandiant Managed Defense. Our threat intelligence collection involves:
When we associate activity with a particular threat actor or malware family, we may provide an overview of the observed threat. The Google Threat Intelligence Group tracks three types of threat actor groups:
Advanced Persistent Threat (APT)
Adversaries assessed to take direction from nation-states for their objectives and missions.
Financial (FIN)
Adversaries assessed to monetize their intrusion activity as their primary objective and mission.
Uncategorized (UNC)
Adversaries we are tracking but have not yet classified as an APT or FIN group.
The Mandiant Victim Notification Program is a testament to our commitment to protecting the global community. Similar to how Google Chrome includes password breach notifications, Google Threat Intelligence and Mandiant combine to proactively share critical threat intelligence with compromised organizations, empowering them to defend themselves against cyber threats and contributing to a safer digital world for everyone. Our Victim Notification initiative demonstrates the powerful synergy between Mandiant's expertise and Google Cloud's resources, allowing us to provide unparalleled threat intelligence and support.
We offer dark web monitoring to keep tabs on information specific to your organization through the Digital Threat Monitoring module in the Google Threat Intelligence Platform. Dedicated threat intelligence offerings customized to your needs are available by reaching out to your Google Cloud representative. Our Crisis Communications team has extensive experience dealing with incident messaging and can help guide and craft your strategy to overcome a stressful situation.
If you need urgent assistance with an incident, contact our Incident Response team to discuss investigation options. An overview of Mandiant Consulting can be found on our website as well as a list of all our services.
If you have received notification from Mandiant about a possible breach and wish to verify the authenticity or ask questions, please reach out to: VN@mandiant.com.