Summary: Mandiant’s M-Trends 2025 report reveals the evolving tactics of cyber attackers, with a particular focus on the increased use of stolen credentials as an infection vector. The report emphasizes the importance of understanding the limitations of its statistics and the influence of Mandiant’s clientele bias. Additionally, it highlights a new threat classification for DPRK IT workers, underscoring their potential as a serious threat outside of traditional boundaries.
Affected: Mandiant, organizations relying on Mandiant’s threat intelligence, and various industry sectors
Keypoints :
- Mandiant’s reports are based on telemetry from their own investigations, which may not represent global statistics due to potential bias toward their clients, particularly in finance.
- Exploits remain the most common initial infection vector, while stolen credentials have surpassed email phishing, prompting a shift in attack strategies due to improved defenses.
- DPRK IT workers have been classified as a distinct threat group, indicating a potential rise in their influence and capabilities as a global cyber threat.
Source: https://www.securityweek.com/m-trends-2025-state-sponsored-it-workers-emerge-as-new-global-threat/