Intel 471
@intel471.bsky.social
Intel 471 specializes in delivering intelligence related to threat actors, threat hunting, financial cybercrime, ransomware, vulnerabilities, malware and underground marketplaces. Listen to our podcast, Cybercrime Exposed, on Spotify and Apple. #infosec
The disruption of the XSS cybercrime forum marked one of the most significant events in cybercrime in 2025. Here's an assessment of its future from Intel 471's research and analysis teams:
www.intel471.com/blog/after-d...
August 22, 2025 at 1:00 AM
A new episode of our Cybercrime Exposed podcast is out! DukeEugene is a Russian Android malware dev who has a big problem, and he puts everything on the line to solve it. Link to pod here: www.intel471.com/resources/po...
August 20, 2025 at 3:12 AM
Jacob Larsen is an #infosec pro who was involuntarily pulled into the dark world of doxing. Intel 471's latest Studio 471 podcast speaks with Jacob about doxing's effects, how sites like Doxbin exploit legal loopholes and how to defend against being doxed.
www.youtube.com/watch?v=y5AO...
Defending against doxing ft. Jacob Larsen, Threat Researcher, Offensive Security Lead, CyberCX
YouTube video by Intel 471
www.youtube.com
July 24, 2025 at 6:33 AM
Pro-Russian hacktivism campaigns continue to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and the risks. #infosec intel471.com/blog/pro-rus...
Pro-Russian hacktivism: Shifting alliances, new groups and risks
Pro-Russian hacktivism campaigns continued to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and…
intel471.com
July 4, 2025 at 2:20 PM
The Black Basta ransomware gang contracted a person with the nickname Tinker. Tinker came from Conti and had a knack for running call centres, writing phishing emails and ransom negotiations. More here from Intel 471's Adversary Intelligence team. intel471.com/blog/a-look-...
A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator
The leader of the Black Basta ransomware group employed a trusted, experienced cybercrime actor nicknamed Tinker who he relied on for phishing content,…
intel471.com
June 23, 2025 at 8:16 AM
Law enforcement has smashed DanaBot, a data-stealing workhorse administered in Russia and sold to cybercriminals that also had a second, side version likely used for nation-state cyberespionage. Here's Intel 471's in-depth look at its operations. #infosec
intel471.com/blog/danabot...
DanaBot malware disrupted, threat actors named
The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.
intel471.com
May 22, 2025 at 11:43 PM
Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia — despite his anti-Russian views. Research by @intel471.bsky.social #infosec intel471.com/blog/how-an-...
How an alleged Russian hacker slipped away
Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia —…
intel471.com
May 15, 2025 at 11:11 PM
Russia-based bulletproof hosting service Zservers was breached, doxxed and sanctioned, but there are signs this cybercrime and ransomware service provider may not be finally done. New research from Intel 471. #infosec intel471.com/blog/zserver...
Zservers: Bulletproof hosting for online crime
Russia-based bulletproof hosting service Zservers was exposed and hit with sanctions. But there are signs it may not have been permanently disrupted.
intel471.com
March 12, 2025 at 1:04 AM
The Black Basta data leak exposed critical details about how this damaging ransomware gang operated, including how its top member claims to have eluded law enforcement. New blog here: intel471.com/blog/black-b... #infosec
Black Basta exposed: A look at a cybercrime data leak
Black Basta suffered a leak of 197,000 internal chat messages, which has exposed critical details about how this damaging ransomware gang operated,…
intel471.com
March 1, 2025 at 6:41 AM
DeepSeek is just the start. China has approved more than 117 LLMs since August 2023 that are all rapidly maturing in capability. Intel 471's Analysis and Cyber Geopolitical Intelligence teams explain here what this means for enterprise risk. #infosec intel471.com/blog/does-de...
February 10, 2025 at 9:44 PM
Intel 471's very own Senior Intelligence Analyst Ashley Jess has been closely following cybercriminal use and interest in AI. This was a pre-record before DeepSeek popped but it is a great discussion about the potential threats and risks. #infosec intel471.com/blog/how-thr...
How threat actors are using artificial intelligence
Artificial intelligence is a red-hot mess, filled with contradicting predictions over whether it will bring vast benefits. In this Studio 471, Ashley Jess…
intel471.com
February 10, 2025 at 9:08 PM
Clop, a ransomware/extortion group that targets file transfer systems, revealed the names of 59 businesses that allegedly were impacted by the Cleo vulnerabilities and refused to pay. The group claimed their data will be publicly released on Saturday, with another list to come on Tuesday. #infosec
January 15, 2025 at 11:33 PM
Ep. 8 of @intel471.bsky.social's Cybercrime Exposed podcast covers Raccoon Stealer, which was a popular and damaging infostealer. But its operator made a critical OPSEC error. Thanks to @crep1x.bsky.social of @sekoia.io. #infosec Full series on Apple and Spotify.
intel471.com/resources/po...
Cybercrime Exposed Podcast: Raccoon Stealer
Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.
intel471.com
December 4, 2024 at 10:05 PM
Hundreds of fake websites have been registered over the last few days spoofing real brands containing "Black Friday" related keywords. These sites are often promoted through SEO tricks and search engine/social media ads. This one was at samsoniteblackfriday[.]shop.
#infosec
November 29, 2024 at 7:23 AM
The breaches linked to customers of Snowflake marked one of the largest data breach waves of 2024. One of the alleged threat actors has been arrested in Canada. This blog is a deep dive into the Com-related threat actor "waifu" or @judische. #infosec
intel471.com/blog/how-to-...
How to Defend Against Alleged Snowflake Attacker ‘Judische’
The threat actor behind the compromise of more than 165 organizations using Snowflake credentials stolen by infostealers has reportedly been detained.…
intel471.com
November 28, 2024 at 5:31 AM
Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group and others. Here's how to threat hunt for this behavior. #infosec intel471.com/blog/threat-...
Threat Hunting Case Study: Uncovering Turla
Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group…
intel471.com
November 28, 2024 at 5:27 AM
Will processing cyber threat intelligence become illegal? Here's a discussion with professor Peter Swire about how data protection schemes can potentially clash with better cybersecurity defences. This is part of @intel471.bsky.social's interview series. #infosec intel471.com/blog/will-pr...
Will Processing CTI Become Legally Risky?
In this Studio 471, Peter Swire discusses the regulatory environment, how it could impact the use of cyber threat intelligence and what could be done to…
intel471.com
October 23, 2024 at 10:36 PM
We're fielding questions about how Telegram's pledge to turn over phone numbers and IP addresses under valid legal orders will impact visibility into cybercrime. Here's our assessment: intel471.com/blog/are-tel... #infosec
Are Telegram's New Policies Spooking Cybercriminals?
Telegram will now divulge IP addresses and phone numbers in response to valid legal requests. Some cybercriminals are planning to leave Telegram. We…
intel471.com
October 2, 2024 at 11:29 PM
Russia is a hotbed of cybercriminal activity. Intel 471's Studio 471 podcast spoke with Alec Jackson, an analyst for the U.S. Department of Defense, about why and what the West could do to try to deter it. His answers may surprise.
intel471.com/blog/why-rus...
September 26, 2024 at 10:53 PM
Here is Intel 471's analysis of what effect France's action against Telegram will have on cybercriminal use of the platform, which has been rising for a number of years for a number of reasons. #infosec
intel471.com/blog/france-...
France vs. Telegram: What Does it Mean for Cybercrime?
France indicted Telegram CEO Pavel Durov for an alleged failure to cooperate to stop criminal activity on the platform. Intel 471 analyzes how this may…
intel471.com
August 29, 2024 at 1:22 AM
@intel471.bsky.social's Cybercrime Exposed podcast is back! It's a wild episode about Vyacheslav Penchukov aka "Tank," a Ukrainian threat actor who ran a gang that made at least $70 million through truly organized cybercrime. intel471.com/blog/cybercr...
Cybercrime Exposed Podcast: Tank
In 2006, a new type of malware appeared on the scene. Its name was Zeus. It was enormously profitable for its cybercriminal developers, who used it to…
intel471.com
August 20, 2024 at 5:09 AM
Intel 471 collaborated with great minds in the CTI industry to develop the Cyber Threat Intelligence Capability Maturity Model. It's a methodical way to build a CTI program that establishes focus, satisfies stakeholders and improves security outcomes. intel471.com/blog/introdu...
Introducing the CTI Capability Maturity Model, a resource for…
The CTI Capability Maturity Model (CTI-CMM) is an easy to use, vendor-neutral model that promotes a “stakeholder-first” approach to building a mature CTI…
intel471.com
August 8, 2024 at 4:19 AM
Intel 471 analyzed recent phishing campaigns by ATLAS LION, a group that specializes in compromising companies' gift-card issuing systems. This group is skilled at attacker-in-the-middle phishing, spoofing IDPs and navigating cloud infrastructure.
intel471.com/blog/threat-...
Threat Actors Target Gift Card Issuing Systems
ATLAS LION is a threat actor group that uses phishing to gain access to gift-card issuing systems and then generates fraudulent cards.
intel471.com
August 7, 2024 at 11:15 PM
Our intelligence analysis team has written a cyber threat assessment of the Paris Olympic Games, covering how the Games could be impacted by hacktivism, nation-state actors, ongoing geopolitical turmoil and financially motivated threat actors.
intel471.com/blog/cyber-t...
Cyber Threat Landscape: 2024 Paris Olympic Games
The infrastructure behind the 2024 Summer Olympics is vast, providing a large potential attack surface. Here's an overview of the threat landscape.
intel471.com
July 17, 2024 at 11:17 PM
What lies ahead now after law enforcement's epic p0wning of LockBit, the No. 1 ransomware gang? Here's an analysis from Intel 471's great intelligence team. #infosec
intel471.com/blog/what-li...
February 20, 2024 at 11:46 PM