Joshua Penny
@josh_penny
Followers
2K
Following
2K
Media
101
Statuses
557
Senior Threat Intelligence Analyst @Bridewellsec
England, United Kingdom
Joined January 2012
🚨New Analysis🚨: #LockBit 3.0 Exploit CVE-2023-4966 #CitrixBleed
@MichalKoczwara and I deep dive into the recent #CISA LockBit advisory, looking at IOCs provided by @Boeing to uncover additional #infrastructure. Hope you find it an interesting read! Link & Findings👇
The European Council 🇪🇺 has issued sanctions against Stark Industries, a hosting company registered in the UK 🇬🇧, as "they have been acting as enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation
🚨 Keepass Campaign 🔥Domain: kee-password[.]com (0/94 VT) 🔥Redirects to: keepass-download[.]com (0/94 VT) 🔥Links to malicious Github repo: hxxps://github[.]com/keeppasss/keepass/raw/refs/heads/main/KeePass-2.56-Setup[.]exe 🔥Drops:
Social Engineering analysis inspired by Sanne Maasakkers talk on "Unraveling the Mind Behind the APT - Analyzing the Role of Pretexting in CTI and Attribution" where she talks about Principles of Influence:
Within our telemetry we observed: complaints about airport facilities, stolen laptops at hotels, and attempts to be recruited for vacant positions. The blog covers first-stage, intermediate and payload-staging infrastructure, and dropped payloads. Use of Yahoo & Rebrandly
Myself and @RustyNoob619 have released a new blog - "Operation Deceptive Prospect" #RomCom campaign targeting #UK #Retail & #Aviation via Customer Feedback Portals. All Feedback welcome. https://t.co/EMpcSG8XmB
🎯 Ransomware-driven data #exfiltration: techniques and implications Our new #TDR report focuses on the exfiltration techniques leveraged by #ransomware and #extortion groups. https://t.co/fta7HsMUbG
#ThreatIntelligence #Detection
🇰🇵APT43/Kimsuky targets and impersonates hotel industry including Marriott, Faraway, NH Hotel Group, and others. 158.247.201.165 https://t.co/mPDteOfAxF
The #Lazarus Group shows no signs of easing, with their campaign targeting #jobseekers extending to the present day. Group-IB researchers found new updates to their tools and tactics: a new suite of Python scripts, #CivetQ, a #Windows and #Python version of #BeaverTail
New #APT #Actor240524 #ABCloader #ABCsync #Threat #malware 📍🏴 💥🇦🇿🇮🇱 ⛓️ #Phishing > Doc Macro (VBA) > #ABCloader (MicrosoftWordUpdater.log) > Load Dll (#ABCsync) > #C2 > Commands to Steal & modify files/data 🔗NSFOCUS report: https://t.co/PY8AgHS892
🤓Check out new research into the ongoing Tycoon 2FA phishing campaign in Twitter article form📝 🤔Some IndiaTimes subdomains are extracted from the X509 Subject Alternative Name server certificate extension https://t.co/GzTR9cYLS7 🫣This redirect was previously described
Ever want to search @CISAgov KEV by actors provided in OSINT? Us too. We made a feature to search KEVs by actor while enjoying this miso soup 🍜. #ThreatIntel #infosec Just enter /kev?actor=lazarus Live example: https://t.co/IaiP8n7iio
🚨 Our new report from the #TDR team details our investigation into the #Quad7 (7777) #botnet, describing its exploitation of compromised TP-Link routers to perform long-term password-spraying attacks against #Microsoft365 accounts. https://t.co/1oSKIZn6aW
Well, after the @FBI and partners seized a propaganda network by #RussiaToday just 2 days ago, the Swedish NGO @Qur1um just released a several-page report on the shady hosting infra behind #DoppelGaenger. Some good old Bulletproof Hosters included: https://t.co/PExNpX17su
🚨New Report🚨 #Akira: The Old-New Style Crime by @josh_penny & me. Research based on methodology, versions of public #malware, all #CTI and detection opportunities of #TA. 🔗Full report: https://t.co/38WL7WDTtt
#RE #intel #ransomware #TA
Our Cyber Threat Intelligence (CTI) team have been using their cutting-edge C2 infrastructure tracking capability to identify, analyse and monitor the top malicious infrastructure of the last year. This annual report shares their findings, including: 🔵 36,000+ unique IP
I messed with https://t.co/fkSC4eKD5R API and produced queries for @microsoftsentinel KQL queries https://t.co/cWjIrDgeM5
@rodtrent @msftsecurity @MsftSecIntel @msftsecurity
#sentinel #kql #ransomware
github.com
Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting - m4nbat/KustQueryLanguage_kql
SOC Client Lead role going here at @bridewellsec. Please apply if you're interested in joining our awesome SOC. https://t.co/3c2Px6w7WA
linkedin.com
I'm hiring! Due to growth, I'm looking for a new member of the Client Lead team at Bridewell. We're looking for people who combine deeply technical knowledge with a client-focused vision. https://l...
Today we delivered a session on Adversary Infrastructure Tracking that we conducted in 2023; here are some of the key stats🐧 => USA and China hosted 50% of total C2 servers => Top 🇺🇸 ASNs: Amazon & Digital Ocean => Top 🇨🇳 ASNs: Tencent, Alibaba & Huawei. More on Infostealers ⬇️