Curated Intelligence

@CuratedIntel

Followers
14K
Following
145
Media
37
Statuses
406

Bringing together intelligence researchers and incident responders. #TrackThePlanet

Joined September 2020
@CuratedIntel
Curated Intelligence
5 months
ICYMI: In October 2024, we released the CTI Research Guide. It aims to help practitioners learn more about how to effectively perform the collection, processing, analysis, and production stages of the CTI lifecycle. 🔗
1
21
62
@CuratedIntel
Curated Intelligence
4 months
RT @cPeterr: Reviving my blog with a complete analysis of the latest #LockBit #ransomware v4.0 Green! 🤠. h/t to @f….
0
89
0
@CuratedIntel
Curated Intelligence
5 months
⚠️PSA: VPN & RDWeb password guessing attacks have been observed originating from IP addresses consistently across the following subnets:
85.239.59.0/24
85.239.58.0/24
85.239.57.0/24
85.239.56.0/24
➡️ Check for low & slow password guessing attempts and successful logins.
2
3
16
@CuratedIntel
Curated Intelligence
5 months
Related articles.1. 2. 3.
0
0
6
@CuratedIntel
Curated Intelligence
5 months
⚠️PSA: Curated Intel members in DFIR have noticed a trend in exploitation of CVE-2024-57727 in the SimpleHelp RMM tool to deploy Medusa ransomware. ➡️ This tool is often used by IT Managed Service Providers (MSPs) to remotely control customer endpoints and have been impacted.
2
20
45
@CuratedIntel
Curated Intelligence
9 months
RT @BushidoToken: Got a new project to share later this year which will be published via @CuratedIntel — a community of researchers that ar….
0
4
0
@CuratedIntel
Curated Intelligence
11 months
⚠️PSA: Curated Intel DFIR has noticed a new trend among Akira Ransomware cases in Summer 2024. For a while, Akira has been exploiting Cisco ASA devices. ➡️ They are now targeting SonicWall SSL-VPNs for access with no MFA (!) and weak passwords (!). Other TTPs remain the same 🔍.
0
26
51
@CuratedIntel
Curated Intelligence
11 months
RT @BushidoToken: PSA from the @CuratedIntel Community to the CTI industry — watch out for cybercrime groups seeking access to your vendor….
0
28
0
@CuratedIntel
Curated Intelligence
1 year
⚠️PSA: Curated Intel DFIR teams noticed a severe uptick in Akira Ransomware cases in Jan 2024. Same repeated TTPs:
- Dwell times of < 4 hours on average
- Cisco ASA VPN for Access
- WinSCP for exfil / WinRAR for compression
- AnyDesk RMM for persistence
- 'w.exe' Akira payload
5
61
184
@CuratedIntel
Curated Intelligence
1 year
Our friends at CSIRT-CTI have published their first new blog, stay tuned for more APT research from them!
0
18
60
@CuratedIntel
Curated Intelligence
2 years
Come along to the first ever Curated Intel workshop. There will also be prizes for the best profile! #CTI.
@BushidoToken
Will
2 years
My upcoming CTI workshop: 'Keep Your Enemies Closer: How to Profile and Track Threat Actors' at #BSidesLondon2023 is live!
0
1
9
@CuratedIntel
Curated Intelligence
2 years
🌐 Curated Intel is tracking hacktivist, cybercriminal, and regional APT groups surrounding the war in Israel. We describe the types of campaigns and attacks we've observed so far and have also provided recommendations for CTI analysts monitoring the war.
2
50
113
@CuratedIntel
Curated Intelligence
2 years
RT @BushidoToken: We had some good convos in the @CuratedIntel community today based on this @thecyberwire interview. Really interesting th….
0
9
0
@CuratedIntel
Curated Intelligence
2 years
RT @Kostastsale: A Day in the Life of a CISO
0
128
0
@CuratedIntel
Curated Intelligence
2 years
Pure facts #CTI.
@uuallan
Allan “Ransomware Sommelier🍷” Liska
2 years
@BushidoToken @aejleslie @Gi7w0rm @AlvieriD @AJVicens @kevincollier @ddd1ms The thing that makes this profession hard sometimes is that victims lie about attacks, the criminals are lying pieces of shit, and randos on Twitter lie about what they know. Trying to get through the lies to the truth is a big challenge.
0
0
11
@CuratedIntel
Curated Intelligence
2 years
RT @svch0st: @phillmoore and I posted a blog on a TTP observed in an #Akira Ransomware case. ➡️ Actor gains access to Hyper-V server (with….
0
43
0
@CuratedIntel
Curated Intelligence
2 years
RT @BushidoToken: TL;DR of ALPHV/BlackCat's essay on the MGM breach
- The attack began ~8 Sept.
- They stole data and gained admin on their….
0
145
0
@CuratedIntel
Curated Intelligence
2 years
RT @BushidoToken: ⚠️ Use Microsoft Teams? Watch out for TeamsPhisher! While it is not usually possible to send files to MS Teams users out….
0
145
0
@CuratedIntel
Curated Intelligence
2 years
RT @BushidoToken: 🆕 Pleased to share my latest blog for SANS FOR589: Cybercrime Intelligence 👾. We reviewed the latest cybercrime intrusion….
0
48
0
@CuratedIntel
Curated Intelligence
2 years
RT @TheDFIRReport: HTML Smuggling Leads to Domain Wide Ransomware
➡️Initial Access: Thread-Hijacked Email > HTML Attachment
➡️Credentials:….
0
170
0