Orange Cyberdefense CERT
@ocd-cert.bsky.social
The CERT Orange Cyberdefense brings together experts on Cyber Threat Intelligence (CTI), Cybercrime Monitoring (MCM), Vulnerability Operation Center (VOC) and digital forensics and incident responders (CSIRT).
https://www.orangecyberdefense.com/
🔎Our CERT is releasing a new technical report on 🇰🇵Operation #DreamJob, focusing on recent evolution in its tooling.
Following an IR engagement at a large manufacturing client based in 🇪🇺, we investigated artefacts we attribute to #UNC2970.
➡️Full blog: ow.ly/V4mr50Xug1l
November 20, 2025 at 2:37 PM
Reposted by Orange Cyberdefense CERT
🎣🧀 Since early September 2025, the Orange Cyberdefense CSIRT and CyberSOC teams have detected phishing campaigns impersonating Meta, AppSheet and PayPal, leading to malware delivery. Our team tracks this activity under the alias "Metappenzeller".
#CTI #ThreatIntel #Metappenzeller #phishing
September 23, 2025 at 9:38 AM
Reposted by Orange Cyberdefense CERT
🧀 Update on MintsLoader: a thread 🔽
MintsLoader is a JavaScript/PowerShell loader that was first detailed by OCD in 2024.
A new version has been around at least since early June 2025.
#threatintel #cti #mintsloader
July 3, 2025 at 7:43 AM
🆕New version of #Emmenhtal loader actively distributed worldwide since early March, leading to #Lumma or #Rhadamanthys stealers.
Very low AV detection on VT for now.
Similarly to V2, Emmenhtal V3 masquerades as #mp3 or #mp4 files, including relaxation songs.🧘‍♀️
March 17, 2025 at 3:56 PM
🆕New version of our #ransomware mapping is out on our GitHub!
➡️https://github.com/cert-orangecyberdefense/ransomware_map/blob/main/OCD_WorldWatch_Ransomware-ecosystem-map.pdf
V28 (!) includes latest newcomers and recent ecosystem evolutions.🔍
As always, feedback is welcome!
#cti #threatintel
March 5, 2025 at 4:32 PM
Reposted by Orange Cyberdefense CERT
📍For more than 8 months, our threat researchers from OCD have worked on mapping China's civil-military–industrial complex when it comes to #cyberespionage operations.

⛯ Consult our newly published deep-dive report and interactive map here:
research.cert.orangecyberdefense.com/hidden-netwo...
Orange Cyberdefense CERT Threat Research: The hidden network map
November 25, 2024 at 10:59 AM