Calwarez
@calwarez.bsky.social
Director for Malicious Infrastructure Discovery @ Recorded Future | Views my own
Reposted by Calwarez
Today the NCSC has issued a warning highlighting that Pro-Russian Hacktivist groups are targeting sectors across the UK.

All organisations are urged to act now by reviewing and implementing our free guidance to protect against DoS attacks.
Pro-Russia hacktivist activity continues to target UK organisations
The NCSC encourages local government and critical infrastructure operators to harden their ‘denial of service’ (DoS) defences
www.ncsc.gov.uk
January 19, 2026 at 4:20 PM
Reposted by Calwarez
Predator spyware demonstrates troubleshooting, research-dodging capabilities cyberscoop.com/predator-spy...
Predator spyware demonstrates troubleshooting, researcher-dodging capabilities
Predator spyware operators have the ability to recognize why an infection failed, and the tech has more sophisticated capabilities for averting detection than previously known, according to research p...
cyberscoop.com
January 14, 2026 at 8:04 PM
Reposted by Calwarez
NoName057(16) and DDoSia Project Analysis: Russia’s Most Persistent Hacktivist Operation
socradar.io/blog/noname0...
New SOCRadar Whitepaper Reveals the Inner Workings of DDoSia and Pro-Russian Cyber Aggression
NoName057(16) and DDoSia Project Analysis: Russia's Most Persistent Hacktivist Operation
Threat actor card of NoName057(16)
socradar.io
January 8, 2026 at 1:06 PM
Reposted by Calwarez
Recorded Future’s Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a Russian state-sponsored threat group associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
www.recordedfuture.com/research/gru...
GRU-Linked BlueDelta Evolves Credential Harvesting
Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.
www.recordedfuture.com
January 8, 2026 at 1:09 PM
Reposted by Calwarez
Today, we released new @RecordedFuture research detailing BlueDelta’s expanded credential-harvesting activity observed between February and September 2025. #BlueDelta #APT28 #FANCYBEAR #ForestBlizzard #FROZENLAKE #ITG05 #PawnStorm #Sednit #Sofacy #TA422 (1/5) www.recordedfuture.com/research/gru...
GRU-Linked BlueDelta Evolves Credential Harvesting
Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.
www.recordedfuture.com
January 7, 2026 at 3:39 PM
Reposted by Calwarez
Recorded Future’s Insikt Group identified a sustained credential-harvesting campaign targeting users of UKR.NET. The activity is attributed to the Russian state-sponsored threat group | www.recordedfuture.com/research/blu...
BlueDelta’s Persistent Campaign Against UKR.NET
Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.
www.recordedfuture.com
December 18, 2025 at 12:09 PM
Reposted by Calwarez
In their latest for Binding Hook, @nca-uk.bsky.social’s William Lyne and @rusi.bsky.social's @jamiemaccoll.bsky.social look at the challenges facing UK law enforcement as cybercriminals become more diverse at home and abroad: bindinghook.com/local-hacker...
Local hackers and Russian-speaking cyber criminals stretching UK responses
UK law enforcement must combat a diversifying array of cyber threats in the face of limited resources and a rapidly evolving cyber landscape
bindinghook.com
December 10, 2025 at 10:02 AM
Reposted by Calwarez
Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups (U.S. Department of Justice): www.justice.gov/opa/pr/justi...
Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
The Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova, 33, also known as Vika, Tory, and SovaSonya, for her r...
www.justice.gov
December 10, 2025 at 11:28 AM
Reposted by Calwarez
1/ @whoisnt.bsky.social, Marius, and I just published a report on #GrayBravo (formerly TAG-150), a highly adaptive, sophisticated threat actor that we first identified in Sept 2025. It uses a multi-layered infrastructure and responds quickly to exposure: www.recordedfuture.com/research/gra...
GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries
www.recordedfuture.com
December 9, 2025 at 8:24 AM
Reposted by Calwarez
Recorded Future’s Insikt Group uncovered four GrayBravo activity clusters. TAG-160 impersonates logistics firms, while TAG-161 impersonates Booking.com, employing ClickFix to deliver CastleLoader and Matanbuchus. www.recordedfuture.com/research/gra...
December 9, 2025 at 11:25 AM
Reposted by Calwarez
"There is a lack of consensus regarding the current state of AI malware maturity."

So we put together #AIM3 to help #malware researchers describe the maturity level of an #AI_Malware Threat.
www.recordedfuture.com/blog/ai-malw...
December 6, 2025 at 3:23 AM
Reposted by Calwarez
⚠️ New victims of Predator #spyware identified, with malicious TikTok links revealing new targets, and evidence showing 🇪🇬Egypt & 🇸🇦Saudi clients still active.

➡️ Ad-based infections confirmed.

➡️ Leaked files & investigation expose post-sanctions Intellexa operations.

www.haaretz.com/israel-news/...
December 4, 2025 at 6:03 AM
Reposted by Calwarez
And check out the companion blog post by @amnestyuk.bsky.social tech with a detailed peek into Intellexa's setup based on leaked materials 👀

Giveaway: Intellexa can observe all of what their gov clients are doing with their hacking tech and more securitylab.amnesty.org/latest/2025/...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...
securitylab.amnesty.org
December 4, 2025 at 5:03 AM
Reposted by Calwarez
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Intellexa’s Global Corporate Web
www.recordedfuture.com
December 4, 2025 at 4:18 AM
Reposted by Calwarez
Cyber Monday Deal 
Get 6 months of Modat Magnify Pro for just €5 total (save €355). 
Use code: MODAT2025CYBERMONDAY 
 
Try the platform. Run advanced queries. Find what others miss. 

magnify.modat.io
#CyberMonday #Cybersecurity #OSINT
December 1, 2025 at 10:51 AM
Reposted by Calwarez
1/ United States, Australia, and United Kingdom sanction Russian threat activity enabler Media Land (Yalishanda) and follow up on recent designations targeting Aeza. ofac.treasury.gov/recent-actio...
ofac.treasury.gov
November 19, 2025 at 5:17 PM
1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”

We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.
November 6, 2025 at 11:53 AM
Reposted by Calwarez
Recorded Future just published Dark Covenant 3.0, revealing how global crackdowns and shifting Russian enforcement are reshaping the cybercriminal underground, exposing ties to state actors and turning cybercrime into a geopolitical tool: www.recordedfuture.com/research/dar...
Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals
Explore how Russia’s cybercriminal ecosystem evolved under Operation Endgame—where state control, selective enforcement, and criminal alliances collide.
www.recordedfuture.com
October 22, 2025 at 2:26 PM
Great work by my colleague, @lawrencesec.bsky.social! He dives deep into the systemic flaw where "neutral" internet governance lets sanctioned ISPs evade restrictions and continue supporting #cyberattacks and #disinformation. A must-read on the infrastructure gap. 👇
October 21, 2025 at 8:45 AM
Reposted by Calwarez
Recorded Future just published a report diving into the Beijing Institute of Electronics Technology and Application (BIETA), which is almost certainly a front for China’s MSS, developing technologies to support intelligence and military missions. Full report: www.recordedfuture.com/research/bie...
BIETA: A Technology Enablement Front for China's MSS
Discover how China's Ministry of State Security (MSS) almost certainly operates BIETA and its subsidiary CIII as public fronts for cyber-espionage, covert communications, and technology acquisition. C...
www.recordedfuture.com
October 7, 2025 at 8:04 PM
Reposted by Calwarez
👋 Don't miss the first Colloquium session tomorrow!

📌 Mythical Beasts and Where to Find Them: Diving into the Depths of the Global Spyware Market
💡 Jen Roberts (@cyberstatecraft.bsky.social) & @julianferdinand.bsky.social (Recorded Future)
🗓️ October 2, 2025
🕓 16:00 – 17:00 CET
October 1, 2025 at 1:03 PM
Reposted by Calwarez
Recorded Future's Insikt Group reports CopyCop, also tracked as Storm 1516, expanding in 2025, adding at least 200 new fictional media websites targeting the United States, France and Canada and using self-hosted LLMs. www.recordedfuture.com/research/cop...
September 18, 2025 at 9:10 AM
Reposted by Calwarez
I'm excited to speak at #VB2025 later this week! I'll be diving into TAG-124, a group whose services are leveraged by a wide range of actors, from cybercriminals to state-sponsored groups. Hit me up if you are in town!

www.virusbulletin.com/conference/v...
September 22, 2025 at 8:23 AM
Reposted by Calwarez
The UK has sanctioned Aeza International, citing its involvement in destabilising Ukraine by providing internet services to Russian disinformation campaigns. This follows OFAC sanctions in July. www.gov.uk/government/n...
UK sanctions Georgia-linked supporters of Putin’s illegal war in Ukraine
The UK has announced new sanctions targeting Georgia-linked supporters of Putin’s illegal war in Ukraine.
www.gov.uk
September 22, 2025 at 3:48 PM
Reposted by Calwarez
Really excited to present at #LABScon25 on ChamelGang’s most recent campaign targeting the Taliban, a collaborative research project with @milenkowski.bsky.social (SentinelLABS) and @azaka.fun (TeamT5)! www.labscon.io/speakers/jul...
September 16, 2025 at 1:50 PM