Authors:
Ed Murphy, Group Product Manager, Managed Defense
Andre Alfred, Sr. Director, Managed Solutions
Mandiant Threat Defense: AI-Powered Threat Defense on Google Security Operations in Action
Deep into the night of Monday March 30th (EST), the Mandiant Threat Defense team observed a relatively common threat indicator around the execution of a renamed legitimate Microsoft binary from a suspicious location. Powered by the combination of agentic speed and human expertise, the team took less than 2 minutes to confirm an active breach in a customer environments; enabling them to quickly mitigate risk and notify customers before the now notorious axios supply chain attack made headlines. What follows is an account of agentic defense played a key role in our response.
Supply Chain Attack Trends
Recently, threat actors have been targeting the npm and PyPI ecosystems to deliver a series of sophisticated supply chain attacks. These campaigns involve adversaries using phishing, or stolen session tokens to hijack the accounts of legitimate package maintainers. Once in control, they push a "routine update" to a widely trusted package. This effectively poisons the software supply chain, silently delivering the malicious payload to developer or applications pulling the latest dependency.
Because modern software development relies heavily on open-source dependencies, a single compromised package can trigger a chain reaction from its source into thousands of CI/CD pipelines and production environments. In recent months, Mandiant has observed a persistent and increasing trend of threat actors leveraging these supply chain vulnerabilities to deliver malicious payloads, with more recently UNC1069, a financially motivated North Korea-nexus threat actor, targeting the popular npm package 'axios' to distribute the WAVESHAPER.V2 backdoor that put millions of users and projects at risk.
Our Response
Within the hour, an urgent advisory was issued to our customers regarding this newly discovered axios npm supply chain compromise. Translating our frontline visibility into an immediate customer advantage, the advisory provided actionable intelligence to block the associated command-and-control (C2) infrastructure and prevent latter attack stages, including the download of the WAVESHAPER.V2 malware.
Mandiant Threat Defense has drastically compressed response times by turning hours of analysis into minutes, and minutes into seconds through the adoption of agentic features. A Gemini-backed AI Quick Triage agent oriented the team to the nature of the living off the land attack, and noted a high probability of compromise. A more in-depth agentic investigation revealed that the attack was likely a supply chain compromise. While AI drives the Mandiant Threat Defense service at machine speed, our experts confirmed the output of our agents and assessed the entire customer base for similar signs of compromise. Finally, following the gathering of evidence a Gemini-backed agent was once again leveraged to draft a comprehensive, individualized customer investigation report substantially reducing the time needed to inform the customer and begin the remediation process.
Delivering on the Promise of Shared Fate
Today the Mandiant Threat Defense service is centered around AI, with almost every workflow tightly integrated into our agentic tooling. However, the human factor remains just as critical, allowing us to accurately assess the impact of a threat (e.g. a novel attack technique or unknown new campaigns) and make decisive incident response decisions for our customers. Behind the scenes, the team continuously pools deep security expertise and capabilities across Mandiant and Google Security Operations to initiate threat hunting, malware analysis, intelligence gathering, and detection engineering. By using this frontline expertise to continuously augment our AI workflows, we create a more robust incident response cycle for our customers, as well as help accelerate the work of our researchers and analysts, and ensure a highly coordinated, best-in-class protection for our entire customer base and the broader community.
Outlook
According to Google Threat Intelligence, UNC1069 is not the only threat actor successfully executing open-source supply chain attacks in recent weeks. Other groups, such as TeamPCP (UNC6780), have actively poisoned GitHub Actions and PyPI packages associated with essential projects like Trivy, Checkmarx, and LiteLLM. These campaigns are specifically designed to deploy the SANDCLOCK credential stealer and facilitate follow-on extortion operations. Given the massive blast radius of these tactics, we assess with high confidence that adversaries will increasingly weaponize the software supply chain in the future.
Getting started
By combining Google Security Operations's advanced detection capabilities with world-class threat intelligence from Mandiant and Google Threat Intelligence Group, organizations can build a more proactive and effective defense against even the most challenging supply chain attacks.
Ready to outpace the adversary? View the datasheet to see how Mandiant Threat Defense delivers comprehensive active threat detection, hunting, and rapid response backed by world-class experts.
