Pinned
adorais.bsky.social
@adorais.bsky.social
· Apr 17
Around the World in 90 Days: State-Sponsored Actors Try ClickFix | Proofpoint US
Key Findings While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social
www.proofpoint.com
🎯New Proofpoint research: Around the World in 90 Days: State-Sponsored Actors Try ClickFix 🎯
www.proofpoint.com/us/blog/thre...
In 2024 we released two blogs on cybercrime actors using ClickFix in their attack chains:
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Multiple reports have documented specific TA397 campaigns; this one takes a holistic look at the group's activity and puts forward attribution elements pointing towards alignment with Indian state interests.
Stellar work by @nickattfield.bsky.social and @threatray.bsky.social's researchers
Just published:
A two-part blog series in collaboration with
@threatray.bsky.social, which aims to substantiate the claim that #TA397 (Bitter) is an espionage-focused, state-backed threat actor with interests aligned to the Indian state.
Part 1: brnw.ch/21wT9A5
Part 2: brnw.ch/21wT9Ad.
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Proofpoint US
This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here. Analyst note: Throughout
brnw.ch
June 6, 2025 at 1:58 PM
New Proofpoint blog alert
We observed DPRK actor TA406 (overlaps w/ Opal Sleet/Konni) targeting government entities in Ukraine in early 2025:
www.proofpoint.com/us/blog/thre...
TA406 Pivots to the Front | Proofpoint US
What happened In February 2025, TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these
www.proofpoint.com
May 13, 2025 at 2:08 PM
Personal bias aside, that is still a must-read. Impressive work by @saffronsec.bsky.social grouping together multiple campaigns to provide a comprehensive view of APT state-sponsored actors using ClickFix. Here's to your first blog with us! 🥂
My first blog with Proofpoint is live! And we love a good crossover. State-sponsored actors try their hand at ClickFix - the hottest thing in cybercrime. Meet the North Koreans, Iranians, and Russians who are upping their social engineering game www.proofpoint.com/us/blog/thre...
Around the World in 90 Days: State-Sponsored Actors Try ClickFix | Proofpoint US
Key Findings While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social
www.proofpoint.com
April 17, 2025 at 7:07 PM
🎯New Proofpoint research: Around the World in 90 Days: State-Sponsored Actors Try ClickFix 🎯
www.proofpoint.com/us/blog/thre...
In 2024 we released two blogs on cybercrime actors using ClickFix in their attack chains:
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Around the World in 90 Days: State-Sponsored Actors Try ClickFix | Proofpoint US
Key Findings While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social
www.proofpoint.com
April 17, 2025 at 7:00 PM
Hot off the press - new report on TA397 (aka Bitter) by Proofpoint's Threat Research team
- Targeted the Turkish defense sector in Fall 2024
- Uses Alternate Data Streams in RAR archives
www.proofpoint.com/us/blog/thre...
December 17, 2024 at 3:24 PM
Developing story - attack against #BGP peers of a European telco. The malicious emails impersonated that same telco and included the ASN of each recipient in the subject line.
The emails contained a password-protected RAR attachment with the malicious payload.
On December 11 and 12, 2024, a spearphishing campaign targeted at least 20 Autonomous System (AS) owners, predominantly Internet Service Providers (ISPs), and purported to come from the Network Operations Center (NOC) of a prominent European ISP.
🧵⤵️
Interesting susp targeted phish targeting an Italian telecom.
1) spoofing swisscom (note 'S', domain just reg'd)
2) leveraging encrypted rar + lnk + self signed pdf reader
3) BGP lure (fits with theme of email). BGP is the third leg in the outage triumvirate.
December 12, 2024 at 9:21 PM
Reposted
since I'm cold and missing #OBTS I wanted to reflect on what
@jacoblatonis.me and Tomas have gifted us with the YARA-X Macho module
the OG YARA macho parsing left a lot to be desired, and the new YARA-X ver has all sorts of goodies
December 12, 2024 at 8:26 PM