jaybtr.bsky.social
@jaybtr.bsky.social
Threat Intel, EU focus 🇪🇺
Reposted
bb491248bb8f6067af39e196b11f4e408a7a3885704cadbd4266db52ae4b03e2
Agenda_Meeting 26 Sep Brussels\.zip #china #apt
e53bc08e60af1a1672a18b242f714486ead62164dda66f32c64ddc11ffe3f0df
c2 racineupci\.org
October 1, 2025 at 5:37 PM
#ThreatIntel - CN-nexus #RedNovember (aka TAG-100, overlap w/ Storm-2077) targeting multiple sectors worldwide, incl. in the EU (🇩🇪, 🇵🇹, 🇳🇱) by targeting edge devices (VPNs, firewalls, load balancers, virtualization infrastructure, email servers).

www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
October 2, 2025 at 7:46 PM
#ThreatIntel - DPRK-nexus #FamousChollima (aka DPRK IT workers) observed seeking jobs across multiple sectors, incl. 50% in the IT sector worldwide, with activity reported in the U.S. and in other countries (27% of targeted countries reportedly outside the U.S.)

www.okta.com/newsroom/art...
North Korea’s IT Workers expand beyond US big tech
An Okta Threat Intelligence analysis revealed that the Democratic People’s Republic of Korea IT worker scheme threatens nearly every industry that hires remote talent.
www.okta.com
October 2, 2025 at 7:31 PM
Reposted
Meta says it will appeal a ruling by a Dutch court, which ordered the company to change the way its recommendation feeds work or face steep fines therecord.media/dutch-court-...
Dutch court rules Meta violated European law by pushing users to profiled feeds
The decision comes in response to a lawsuit filed by the Dutch nonprofit Bits of Freedom, which argued that by controlling users’ feeds Meta has been improperly skewing what news consumers receive.
therecord.media
October 2, 2025 at 4:57 PM
Reposted
🚨 DDoS Alert 🚨

NoName claims to have targeted multiple websites in Denmark.

- Danish State Railways
- Trafikselskabet Movia
- Odense Kommune
October 2, 2025 at 11:27 AM
Reposted
🚨 DDoS Alert 🇷🇴

NoName claims to have targeted multiple websites in Romania

- Tim Rail Cargo SRL
- Autoritatea Feroviară Română
October 2, 2025 at 3:42 PM
#ThreatIntel - ENISA Threat Landscape 2025 🇪🇺

1️⃣ Phishing remains primary initial intrusion vector
2️⃣ Increased targeted cyber dependencies
3️⃣ Targeting of mobile devices
4️⃣ Threat groups converging
5️⃣ Predictable use of AI

www.enisa.europa.eu/publications...
ENISA Threat Landscape 2025 | ENISA
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats.
www.enisa.europa.eu
October 2, 2025 at 3:25 PM
Reposted
September 2025 cyberattack on Collins Aerospace disrupted major European airports, highlighting critical aviation cybersecurity risks and supply chain vulnerabilities.
European Airport Cyberattack Exposes Aviation Cybersecurity Vulnerabilities
airpronews.com
September 21, 2025 at 5:08 AM
#ThreatIntel #EU - ToxicPanda Android banking trojan seen deployed in 🇵🇹 and 🇪🇸

www.bitsight.com/blog/toxicpa...
ToxicPanda Malware in 2025 | Bitsight TRACE Threat Research
What is ToxicPanda? Bitsight Trace dives into detail on the banking malware, from impact breadth, delivery, technical analysis, and more. Learn more now.
www.bitsight.com
August 2, 2025 at 8:16 AM
Reposted
🚨 DDoS Alert🚨

Z-PENTEST ALLIANCE claims to have targeted the website of European Defence Agency 🇧🇪.

NB: The site is down at the moment.
August 1, 2025 at 6:57 PM
Reposted
🚨 DDoS Alert🚨

Z-ALLIANCE claims to have targeted the website of GMV
(gmv.com) 🇪🇸

NB: The site is up and active.
August 2, 2025 at 4:24 AM
#ThreatIntel Turla intrusion seen leveraging AiTM to target Moscow-based foreign embassies between 2024 and February 2025 www.microsoft.com/en-us/securi...
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow us...
www.microsoft.com
August 2, 2025 at 8:08 AM
Reposted
🚨 Alert: New Hacktivist Alliance 🚨

NoName and Electronic Army Special Forces have officially announced a new alliance. They have recently been targeting the Netherlands, Ukraine, Germany, Vietnam, Cambodia and the UK.
April 30, 2025 at 11:47 AM
#ThreatIntel - Following the targeting of an Italian journalist w/ Paragon #spyware, a Dutch right-wing activist was reportedly notified of a spyware infection by Apple 🇮🇹 🇳🇱 techcrunch.com/2025/04/30/a...
Apple notifies new victims of spyware attacks across the world | TechCrunch
Two alleged victims came forward claiming they received a spyware notification from Apple.
techcrunch.com
May 1, 2025 at 6:16 AM
Reposted
BREAKING: another journalist targeted with spyware in #Italy.

Colleague of known Paragon target.

Time for transparency from the Italian government.

They are an admitted Paragon user. Logs Paragon deployments keep should give a quick answer: was it them?

Story [IT]
www.fanpage.it/politica/il-...
April 30, 2025 at 10:37 PM
#ThreatIntel - Volexity recently observed RU-nexus threat actors conducting spearphishing campaigns. UTA0307 was notably impersonating a member of the European Parliament belonging to the Committee on Foreign Affairs. Read more 👇
February 16, 2025 at 6:43 PM
#ThreatIntel - subgroup of RU-nexus GRU affiliated Sandworm observed conducting initial access near-global campaign "BadPilot". 19 EU Member States targeted www.microsoft.com/en-us/securi...
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog
Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelli...
www.microsoft.com
February 15, 2025 at 10:42 AM
#ThreatIntel - Paragon's spyware Graphite reportedly targeting civil society by exploiting a WhatsApp vulnerability. Victimo notably includes an IT journalist 🇮🇹 www.theguardian.com/technology/2...
WhatsApp says journalists and civil society members were targets of Israeli spyware
Messaging app said it had ‘high confidence’ some users were targeted and ‘possibly compromised’ by Paragon Solutions spyware
www.theguardian.com
February 3, 2025 at 7:37 PM
#ThreatIntel - CERT-EU's January 2025 Cyber briefing is out 🇪🇺 😊 cert.europa.eu/publications...
Cyber Brief 25-02 - January 2025
cert.europa.eu
February 3, 2025 at 12:00 PM
#ThreatIntel - The #Europol coordinated operation « Talent » led by DE 🇩🇪 authorities & involving law enforcement from 8 countries (incl. 🇫🇷, 🇮🇹, 🇬🇷, 🇷🇴, 🇪🇸) took down the Cracked and Nulled cybercrime platforms www.europol.europa.eu/media-press/...
Law enforcement takes down two largest cybercrime forums in the world | Europol
Law enforcement takes down two largest cybercrime forums in the world. The platforms combined had over 10 million users worldwide.
www.europol.europa.eu
February 1, 2025 at 9:45 AM
#ThreatIntel - New report by Google on the leveraging of Shadowpad (aka ScatterBrain) since 2022, associated with CN-nexus #APT41. Victimo includes SE and NL cloud.google.com/blog/topics/...
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator | Google Cloud Blog
We have been tracking multiple espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW malware.
cloud.google.com
February 1, 2025 at 9:36 AM
Reposted
Poland arrests ex justice minister in Pegasus probe

www.ft.com/content/1e37...
Poland arrests former justice minister in deepening political row
Zbigniew Ziobro accuses Tusk government of ‘criminal’ action
www.ft.com
February 1, 2025 at 9:33 AM
Reposted
New: We've uncovered over 100 websites set up by a group known as Storm-1516. After the US elections the Russian influence operation has set its sights on Germany's federal elections. Some of these sites have already been used to attack German politicians. correctiv.org/faktencheck/...
January 23, 2025 at 11:40 AM
Reposted
🚨 DDoS Alert 🚨

Mr Hamza claims to have targeted the website of German Federal ministry of defense.

NB: The site is up and active now.

#Germany
#cyberattack #infosec #threatintel
January 26, 2025 at 7:24 PM