shramanack
@shramanack.bsky.social
Mixing Threat Intelligence with Criminal Sciences for Preventive Security & Cyber Counter-Intelligence | 10+ years of Tactical CTI | Entrepreneur | Cyberdefense Lecturer

#ThreatIntel #Criminology #Cyberwarfare
Reposted by shramanack
Some thoughts on one of the most interesting threat actors we have seen over the past few years; Predatory Sparrow - with @jamesshires.bsky.social and Hannah-Sophie Weber

bindinghook.com/articles-bin...
Predatory Sparrow: cyber sabotage with a conscience?
An understudied ‘hacktivist’ group conducts cyberattacks against Iran that clearly violate international norms – but claims to demonstrate ethical restraint
bindinghook.com
December 9, 2024 at 10:40 AM
(Recorded Future) #BlueAlpha (#Gamaredon Group / Primitive Bear) Abuses #Cloudflare Tunneling Service for #GammaDrop Staging Infrastructure : www.recordedfuture.com/research/blu...

#cyber #threatintel #malware
December 5, 2024 at 6:54 PM
Reposted by shramanack
Second time we've seen Turla sit on top of someone else's operation. blog.lumen.com/snowblind-th...
Snowblind: The Invisible Hand of Secret Blizzard
blog.lumen.com
December 4, 2024 at 5:31 PM
(Github Security Advisory) Malware Advisory in the JavaScript SDK for building Solana apps for Node, web, and React Native: github.com/advisories/G...

#cyber #cryptocurrency #solana #malware #vulnerability #javascript
December 4, 2024 at 11:32 AM
(FBI) Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud : www.ic3.gov/PSA/2024/PSA...

#cyber #scam #genai
December 4, 2024 at 11:25 AM
Reposted by shramanack
🦝 The new episode of @intel471.bsky.social "Cybercrime Exposed" podcast produced by @jkirk.bsky.social tells the story of #Raccoon Stealer and, more broadly, reveals how the #infostealer ecosystem operates.

Featuring @crep1x.bsky.social from @sekoia.io!

intel471.com/resources/po...
Cybercrime Exposed Podcast: Raccoon Stealer
Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.
intel471.com
December 4, 2024 at 10:30 AM
Reposted by shramanack
Created a new repo to publish my MITRE ATT&CK mappings for when reports don't have a section on TTPs, hopefully useful for other defenders working on detection engineering & threat hunting.

github.com/BushidoUK/MI...
github.com
December 4, 2024 at 10:54 AM
Reposted by shramanack
Given fears that there may be new chemical attacks in Syria, here's a thread on some of the chemical munitions used in the past by the Syrian government. First, there have been two primary agents used, chlorine gas and sarin, each associated with specific munitions.
December 3, 2024 at 9:33 AM
Reposted by shramanack
Germany's domestic intelligence service (BfV) has created a special task force to counter cyberattacks, espionage, sabotage and disinformation campaigns ahead of federal elections in February. https://therecord.media/german-bfv-election-task-force-cyberattacks-disinformation
German intelligence launches task force to combat foreign election interference
therecord.media
December 2, 2024 at 2:44 PM
#APT35 Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries : threatbook.io/blog/id/1095

#cyber #threatintel #apt #UNC1549
December 2, 2024 at 2:14 PM
Reposted by shramanack
Microsoft has recently issued a warning about a large-scale spear-phishing campaign attributed to the notorious Russian state-sponsored threat actor known as Midnight Blizzard. #APT29 #CozyBear #MidnightBlizzard
zerosecurity.org/microsoft-wa...
Microsoft Warns of Russian Spear-Phishing Attacks
Midnight Blizzard's spear-phishing campaign targets thousands across government, defense, academia, NGOs; Microsoft warns of stolen data, persistent access risks.
zerosecurity.org
December 1, 2024 at 3:46 AM
Reposted by shramanack
Very interesting report from The DFIR Report about TA4557 #malware.
It helps to understand how #attackers perform their attacks and how the #blueteam can respond to them.
I highly recommend that SOC/CERT analysts read this.

thedfirreport.com/2024/12/02/t...

#cybersecurity #detection #ioc
The Curious Case of an Egg-Cellent Resume
Key Takeaways Initial access was via a resume lure as part of a TA4557/FIN6 campaign. The threat actor abused LOLbins like ie4uinit.exe and msxsl.exe to run the more_eggs malware. Cobalt Strike and…
thedfirreport.com
December 2, 2024 at 12:28 PM
Improve Your Forensic Analyses with hashlookup -> www.foo.be/2024/09/Impr... #cyber #forensic #threatintel #misp
December 2, 2024 at 11:57 AM
Reposted by shramanack
"221 mobile phones, 258 hard drives, 495 SIM cards, 33 audio recording devices, 55 visual recording devices, 11 drones, 16 radios, 3 IMSI grabbers, […] Wi-Fi eavesdropping devices and jammers, and 75 passports and identity documents" 🕵️‍♂️
Man who spied for Russia in UK 'discussed killing journalist'
A UK-based spy ring allegedly passed secrets to Russia, a court has heard as a trial begins.
www.bbc.com
November 29, 2024 at 6:06 PM
Reposted by shramanack
"The networks are still compromised, and booting the hackers out could involve physically replacing “literally thousands and thousands and thousands of pieces of equipment across the country,” specifically outdated routers and switches" 🕵️‍♂️
Top senator calls Salt Typhoon ‘worst telecom hack in our nation’s history’
The severity of the Chinese breach highlights the need for more telecommunications regulation, lawmakers say.
www.washingtonpost.com
November 29, 2024 at 6:35 PM
By building communities and leveraging popular apps, #EvilBamboo created a self-sustaining engine of espionage. This is not just #malware distribution; it's a comprehensive assault on the trust model underpinning our digital society. #threatintel
EvilBamboo Targets Mobile Devices in Multi-year Campaign
Volexity has identified several long-running and currently active campaigns undertaken by the threat actor Volexity tracks as EvilBamboo (formerly named Evil Eye) targeting Tibetan, Uyghur, and Taiwan...
www.volexity.com
November 30, 2023 at 11:21 AM
Diamond Sleet's manipulation of a legitimate CyberLink installer embodies a disturbing trend in supply chain attacks. It's not just about the immediate breach; it's a chess move in a larger strategy, patiently and opportunistically positioning assets for later use. #threatintel #malware #apt
Diamond Sleet supply chain compromise distributes a modified CyberLink installer | Microsoft Securit...
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate ...
www.microsoft.com
November 29, 2023 at 9:16 AM
#HrServ, the #webshell that's so sneaky, when you find it, you may find one of your missing socks too. #malware #apt #threatintel #crimeware
securelist.com/hrserv-apt-w...
HrServ web shell analysis
In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.
securelist.com
November 28, 2023 at 5:33 PM