Initial-access handoff time drops to 22 seconds across Mandiant investigations
Target Trend
Summary
Across Mandiant investigations, the time from initial access to handoff to a secondary threat group has collapsed to 22 seconds, sharply reducing defenders’ window to detect brokered intrusions. The shift points to tighter coordination and more automation in cybercrime pipelines. It raises risk for organizations because access can now be monetized before responders can react.
Related Happenings
Low-severity enterprise alerts hiding confirmed incidents
Target Trend
First: 08.05.2026 13:30
Last: 08.05.2026 13:30
Sources 1
About this happening:
A recent enterprise telemetry analysis found that **low-severity** and **informational alerts** are hiding real compromises across live environments, creating a measurable missed-...
AI-assisted cyber trend driving more malicious packages, faster exploit development, and slower remediation
Target Trend
First: 04.05.2026 14:58
Last: 04.05.2026 14:58
Sources 1
About this happening:
**AI-assisted cybercrime** is lowering the barrier to entry while **malicious package counts**, **exploit speed**, and **remediation lag** all worsen across software supply chains...
Medical-device cyberattack trend in healthcare organizations
Target Trend
First: 29.04.2026 13:05
Last: 29.04.2026 13:05
Sources 1
About this happening:
**24% of healthcare organizations** experienced cyber-attacks affecting **medical devices** over the past year, creating real risk to **patient care**. In **80%** of affected case...
UNC6692 email bombing and Microsoft Teams impersonation campaign
Campaign
First: 25.04.2026 18:07
Last: 25.04.2026 18:07
Sources 1
About this happening:
UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....
Cyber threat actors use AI to accelerate extortion and exploitation
Target Trend
First: 17.02.2026 15:45
Last: 17.02.2026 15:45
Sources 1
About this happening:
Cyber threat actors are shifting to **routine operational use** of AI, making **extortion**, **reconnaissance**, **phishing**, and **exploit timing** faster and lower-friction acr...
Timeline
23.03.2026 17:00 2 articles · 2mo ago
Google publishes M-Trends 2026 findings
Initial Disclosure
Google publishes M-Trends 2026 based on more than 500,000 hours of Mandiant incident investigations in 2025, and the benchmark shows the median time from initial access to handoff to a secondary threat group has fallen to 22 seconds from more than 8 hours in 2022. The report also says exploits were the top initial infection vector at 32%, with CVE-2025-31324 in SAP NetWeaver, CVE-2025-61882 in Oracle EBS, and CVE-2025-53770 (ToolShell) in SharePoint the most often exploited flaws.
- M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds — www.securityweek.com — 23.03.2026 17:00