EMBARGO
SPECIAL REPORT: MANDIANT M-TRENDS 2023
M-Trends 2024 Special Report
Google Cloud Security
Special Report: Mandiant M-Trends 2024

Table of Contents

Introduction
By the Numbers
    Global Trends
    Campaigns and Global Events
    Regional Trends
        Americas
        JAPAC
        EMEA
    MITRE ATT&CK
Articles
    Chinese Espionage Operations Targeting The Visibility Gap
    Attacker Operations Involving Zero-Days Vary Depending on Motivation
    Evolution of Phishing Amid Shifting Security Controls
    How Attackers Leverage AiTM to Overcome MFA
    Cloud Intrusion Trends
    Artificial Intelligence in Red (and Purple) Team Operations
Conclusion
Bibliography

Introduction

One of the big takeaways from our 2023 engagements, and consequently a key theme of M-Trends 2024, is that attackers are focusing more on evasion. They are aiming to avoid detection technologies (such as endpoint detection and response) and maintain persistence on networks for as long as possible, either by targeting edge devices, leveraging “living off the land” and other techniques, or through the use of zero-day vulnerabilities in security and other solutions prevalent throughout enterprises.

Despite attackers' efforts to evade detection, defenders are continuing to get better at identifying compromises. The global median dwell time (dwell time is the number of days an attacker is on a system from compromise to detection) continued its downward trend in 2023, and is now 10 days (from 16 days in the previous year). It's a big victory for the good guys, but ransomware is still a key factor in driving down dwell time since it tends to be detected more quickly. Furthermore, Mandiant red teams typically achieve th