Name: Assembling the Russian Stacking Doll: UNC2452 Merged into APT29
Start: 2022-04-27T20:00:00Z
End: 2022-04-27T20:00:44.000Z
Location: BrightTALK
Rating: 3

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is part of Google Cloud.

Threat actors are no longer using Artificial Intelligence (AI) just for basic productivity gains; they have entered a new operational phase by deploying novel, AI-enabled malware and evolving their Tactics, Techniques, and Procedures (TTPs) across the entire attack lifecycle.

In this briefing, drawn from the latest Google Threat Intelligence Group (GTIG) reporting, we will expose the ways both cyber criminals and state-sponsored groups are abusing Large Language Models (LLMs) to achieve their objectives.

You Will Learn:

- The Rise of Adaptive Malware: Understand the use of novel "Just-in-Time" AI in malware families like PROMPTFLUX and PROMPTSTEAL. We will detail how these tools dynamically generate malicious scripts, obfuscate their own code mid-execution, and create functions on demand to effectively evade static detection.

- Attempts to bypass Safety Guardrails: Discover the low-sophistication methods - such as social engineering pretexts - that threat actors are using to attempt to bypass AI safety guardrails and facilitate tool development.

- Full Attack Lifecycle Augmentation: See how government-backed actors from North Korea, Iran, and the PRC are leveraging generative AI tools for every stage of their operations, from generating phishing lures and specialized social engineering to C2 development and data exfiltration.

- Expanding Attack Surfaces: Get a breakdown of how actors are using LLMs to expand their knowledge and targeting of less conventional environments, including cloud infrastructure, container systems (Kubernetes), and macOS6.

- The Cyber Crime Marketplace: Gain insight into the maturing underground marketplace for purpose-built AI tools designed to lower the barrier to entry for phishing, malware generation, and vulnerability research.

The AI-Powered Adversary: Tracking the New Wave of LLM-Enabled Cyber Attacks (APAC Timezone)

The AI-Powered Adversary: Tracking the New Wave of LLM-Enabled Cyber Attacks

For modern security teams, the gap between detecting a suspicious indicator and fully understanding the threat is often measured in days—time that defenders simply don’t have. Manually correlating data, mapping TTPs, and authoring detection rules creates critical bottlenecks that slow down response and burn out analysts.

Join Tim Gallo, Lead Global Solutions Architect, as he demonstrates how to shatter these bottlenecks using the new Agentic capabilities within Google Threat Intelligence. Tim will showcase a powerful workflow that transforms a single indicator of compromise (IOC) into a comprehensive threat hunting methodology, compressing what used to take days of research into just seven minutes.

In this session, you will learn how to:
- Instantly Pivot: Automatically correlate a raw IOC with specific malware families, threat actors, and historical campaign data.
- Automate Framework Mapping: Extract tactical behaviors and map them directly to the MITRE ATT&CK framework without manual analysis.
- Generate Immediate Detections: Watch the system build production-ready YARA, YARA-L, and Sigma rules tailored to the specific threat.
- Operationalize Defense: Create complete threat hunting playbooks on the fly to proactively defend your environment.

Don't miss this opportunity to see the future of high-velocity threat analysis in action. Register now to see how Agentic workflows can multiply your team's efficiency and speed.

From IOC to Action in Minutes: Unlocking Agentic Capabilities in Google Threat Intel (APAC Timezone)

From IOC to Action in Minutes: Unlocking Agentic Capabilities in Google Threat Intel

Modern threats utilize highly complex and obfuscated delivery chains to conceal their final payloads and evade detection. This tactical webinar, presented by Google Cloud VirusTotal Security Engineer and FLARE's reverse engineering expert, will demystify the process of analyzing these sophisticated multi-stage threats and show how to scale your static analysis pipeline.

We will demonstrate an in-depth analysis of a multi-stage .NET dropper that leads to the final AgentTesla payload. You will learn expert-level techniques to unravel these chains efficiently:

*Time-Travel Debugging (TTD) Mastery: See how to leverage TTD to navigate complex execution flows, trace obfuscation routines, and perform efficient analysis to quickly extract the primary payload.

*Rapid Static Triage: See the combined power of capa and FLOSS for swift malware capability identification and automated configuration extraction. Learn how to deobfuscate critical strings and access key indicators without ever running the final AgentTesla payload.

*Google Threat Intelligence Integration for Context & Validation: Discover how the high-fidelity indicators and extracted configuration data, once gathered, are instantly cross-referenced with Google Threat Intelligence's massive dataset. This pivoting capability allows analysts to gain immediate threat context, identify related samples, confirm findings, and showcase the effectiveness of crowd-sourced detection efforts.

We will move from initial traditional analysis to building a sense of the threat's complexity, utilizing TTD for payload extraction, analyzing the final configuration data, and pivoting to Google Threat Intelligence to see how detection is achieved through these multiple layers of obfuscation.

Don’t miss this opportunity to learn practical, scalable strategies for transforming complex reverse engineering tasks into automated, repeatable wins for your threat intelligence program.

Static Analysis at Scale: Unpacking the Malware Ecosystem

2025 was a big year for Google Threat Intelligence with a number of security-boosting and time-saving updates. We want to make sure none of these new capabilities slipped past you and make sure you are prepared for the new capabilities we are excited to deliver in 2026.

Join our product experts Megan Deblois, Product Manager and Sara Ouled, Technical Product Growth Team lead for this informative as they dive into: 
- Recently released features
- Practical new use cases
- An exclusive preview of our 2026 roadmap

Google Threat Intelligence News & 2026 Roadmap

Google Threat Intelligence News & 2026 Roadmap (APAC Timezone)

Cyber threats are constantly evolving. Learn how to stay ahead of them in 2026 with security expert Andrew Kopcienski.

Join this deep-dive session based on the Cybersecurity Forecast 2026 report, where Andrew will cover key trends and insights to help strengthen your cyber defenses in the year ahead, including:

- The AI Arms Race: How generative AI is being used by both attackers and defenders.
- Nation-State Threats: A deep dive into activity from the "Big Four"—China, Russia, North Korea, and Iran.
- The Cybercrime Economy: The latest tactics in ransomware, extortion, and cyber crime operations
- Regional Intelligence: Exclusive insights and predictions for the JAPAC and EMEA regions.

Google Cloud Cybersecurity Forecast 2026

This webinar will show you how to transform raw intelligence into a dynamic and actionable defense strategy.

We'll start with a real-world scenario sourced from Google Threat Intelligence, demonstrating how to extract key indicators and behaviors. From there, we'll use the power of agents powered by Gemini to build a robust threat model. We'll show you a step-by-step process, starting with a sequence of prompts to guide the creation of a threat hunt and then using intelligent agents to help automate and operationalize the entire workflow.

Join Muhammad Muneer, Principal Incident Response Consultant and Joseliyo Sánchez, Security Engineer as they show you how to move beyond manual analysis and use advanced AI to accelerate your threat hunting capabilities, enabling you to: 
- Proactively defend against modern threats with speed and precision
- Use AI tools to react quicker to threats when needed
- Enhance your current SOC workflows

Stop chasing alerts and start actively hunting threats. This is your chance to operationalize your threat intelligence and build a truly proactive defense with Google Cloud.

From Intel to Action: A Modern Threat Hunting Workflow

Join us for an in-depth exploration of Google Threat Intelligence, a powerful platform that blends advanced AI capabilities, crowdsourced data, large-scale device scanning, and deep human expertise from Mandiant with the community-driven intelligence of VirusTotal. 

In this webcast, SANS Instructor Dave Shackleford and Google’s Global Solutions Architect, Ben Cook, will talk about how this platform streamlines threat detection, enrichment, and analysis for security teams of all sizes. From tracking threat actors and malware campaigns to monitoring the dark web for emerging risks, you’ll see how Google’s converged ecosystem provides both operational and strategic value.

This discussion will include practical setup guidance and insights, including creating and managing Threat Profiles, leveraging Google ASM for attack surface monitoring, and using Digital Threat Monitoring to stay ahead of malicious activity. You’ll learn how analysts can enrich indicators, explore campaigns, visualize relationships in threat graphs, and integrate insights into your workflows with tools like IocStream. Whether you’re looking to enhance day-to-day threat analysis or inform long-term strategy, this review will give you a clear picture of how Google Threat Intelligence can elevate your security operations.

Enhancing Security Operations with Google Threat Intelligence

Effective threat hunting hinges on your ability to find adversaries before they achieve their objectives. This requires moving beyond generic indicators and arming your team with timely, relevant intelligence on the specific TTPs threat actors are using today. In this webinar, we will explore the latest how AI is making threat hunting more effective in less time than ever before.

Join us as we:
*Unveil  our groundbreaking Agentic Platform (now in public preview) — a major leap in applying AI to investigations and complex security tasks.
*Demo the Ransomware Data Leaks dashboard, offering fresh insights into evolving extortion trends.
*Showcase Code Insight, our AI-powered code analysis tool that converts plain text code files into clear, natural-language explanations—enabling analysts to understand complex threats without reading a single line of code.

The session concludes with a live Q&A, giving you the chance to engage with our experts and explore how these innovations can transform your threat hunting practices.

Threat Hunting with Google Threat Intelligence: Accelerating Investigations with AI (APAC Timezone)

What key strengths are essential for incident response and cyber resilience success?

Join our guest speaker Research VP Craig Robinson of IDC and Senior Director Nick Bennett from Mandiant, as they build on data and insights from the IDC MarketScape: Worldwide Incident Response 2025 Vendor Assessment report. This dynamic fireside chat will go beyond the headlines to provide a strategic look at the market.

Why Attend? 

As a cybersecurity leader, you'll gain the insights needed to strengthen your security posture and make informed decisions. By attending, you will:
- Benchmark your program: Discover the methodology and criteria in the IDC MarketScape that helped position Google as a leader and learn how to apply those same principles to your own organization.
- Align strategy with business goals: Get up-to-date information on the latest industry trends, including cyber risk management and recovery strategies, to optimize your incident response and cyber resilience plans.
- Enhance decision-making: Learn how to improve crisis communication and reduce the financial and reputational impact of a breach.

Mandiant’s Guide to Cyber Resilience in 2025 and Beyond

In the rush to adopt AI, your organization faces an urgent challenge: how do you enable innovation without exposing your most sensitive data and systems to new, unseen risks? This session provides a strategic roadmap for organizations to adopt and deploy AI securely from day one, helping you shift from a reactive security posture to a proactive strategy. 

Drawing on Mandiant's extensive experience assisting diverse, global organizations, Muhammad Muneer, Principal Security Engineer, will share actionable frameworks and strategies on: 
- Critical steps for establishing a secure AI environment 
- The role of a comprehensive governance framework
- Implementing secure development and deployment practices
- AI monitoring and threat detection
- Strengthening AI security incident response and recovery capabilities
- Fostering a culture of AI security awareness and training across the organization

Designed for both executive leadership and technical professionals, attendees will gain actionable insights and practical strategies for navigating the complexities of AI adoption. This session will empower your organization to prepare for a new wave of AI-driven threats.

Securing the AI revolution: How to prepare your organization for AI

La eficacia del Threat Hunting depende de la capacidad de los analistas para encontrar a los adversarios antes de que alcancen sus objetivos. Esto requiere ir más allá de los indicadores genéricos y dotar a su equipo de inteligencia relevante en el momento oportuno sobre las TTP específicas que los actores de amenazas utilizan hoy en día. En este webinar, exploraremos cómo la IA está haciendo que el Threat Hunting sea más eficaz en menos tiempo que nunca. Únase a nosotros para descubrir:
*Nuestra Plataforma Agentic (ahora en vista previa pública) —un gran avance en la aplicación de la IA a las investigaciones y a tareas complejas de seguridad.
*El Ransomware Data Leaks dashboard, que ofrece información actualizada sobre las tendencias cambiantes en materia de extorsión.
*Code Insight, nuestra herramienta de análisis de código impulsada por IA que convierte ficheros de código en texto plano en explicaciones claras en lenguaje natural, lo que permite a los analistas comprender amenazas complejas sin leer una sola línea de código.

La sesión concluirá con una serie de preguntas y respuestas en vivo, dándole la oportunidad de interactuar con nuestros expertos y mejorar sus prácticas de threat hunting.

Threat Hunting con Google Threat Intelligence: Acelerando investigaciones con IA (Versión en Español)

Effective threat hunting hinges on your ability to find adversaries before they achieve their objectives. This requires moving beyond generic indicators and arming your team with timely, relevant intelligence on the specific TTPs threat actors are using today. 

In this webinar, we will explore the latest how AI is making threat hunting more effective in less time than ever before. 

Join us as we:
*Unveil our groundbreaking Agentic Platform (now in public preview) — a major leap in applying AI to investigations and complex security tasks.

*Demo the Ransomware Data Leaks dashboard, offering fresh insights into evolving extortion trends.

*Showcase Code Insight, our AI-powered code analysis tool that converts plain text code files into clear, natural-language explanations—enabling analysts to understand complex threats without reading a single line of code.

The session concludes with a live Q&A, giving you the chance to engage with our experts and explore how these innovations can transform your threat hunting practices.

Threat Hunting with Google Threat Intelligence: Accelerating Investigations with AI

Unpacks today's trends in the cyber threat landscape, marked by escalating sophistication and destructive potential. It highlights that state-sponsored groups are increasingly focused on gaining persistent access to critical infrastructure and are rapidly experimenting with Al. This brief aims to equip security practitioners with actionable intelligence to proactively defend against evolving threats.

Navigating the Evolving Threat Landscape

Panelists will delve into how leaders across various industries are building exceptional proactive cyber defense programs. This session will explore strategies for continuous improvement, identify critical technical debt to eliminate, and discuss how to stay ahead of adversaries while fostering secure digital transformation.

Panel Discussion: Perspectives on Proactive Cyber Defense

Join FBI San Francisco and Mandiant as they unveil their collaborative approach to countering sophisticated cyber espionage threats from the People's Republic of China (PRC). This session will focus on advanced persistent threat actors, including UNC4841 and UNC5221, who exploit zero-day vulnerabilities in network appliances, and the emerging threat of PRC-aligned freelance actors like UNC5174.

FBI & Mandiant: Perspective on Countering PRC Cyber Threats

Mandiant gathered sufficient evidence to assess that UNC2452, the group responsible for the 2020 SolarWinds supply chain compromise, is attributable to APT29, a Russia-based espionage actor assessed to be sponsored by the Russian Foreign Intelligence Service (SVR). This webinar provides awareness and additional insights on the evolution of APT29's operational and behavioral tactics, techniques, and procedures (TTPs).

Assembling the Russian Stacking Doll: UNC2452 Merged into APT29

Supply Chain

IT Security

Threat Analysis

Threat Detection

Threat Intelligence

Incident Detection

Cyber Security

Cyber Attacks

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Assembling the Russian Stacking Doll: UNC2452 Merged into APT29

Presented by

About this talk

Mandiant | Intelligence and Expertise