Calwarez

@calwarez.bsky.social

Director for Malicious Infrastructure Discovery @ Recorded Future | Views my own

452 Followers  |  210 Following  |  42 Posts  |  Joined: 18.07.2023  |  1.8034

Latest posts by calwarez.bsky.social on Bluesky

Pro-Russia hacktivist activity continues to target UK organisations
The NCSC encourages local government and critical infrastructure operators to harden their ‘denial of service’ (DoS) defences

Today the NCSC has issued a warning highlighting Pro-Russian Hacktivist groups are targeting sectors across the UK.

All organisations are urged to act now by reviewing and implementing our free guidance to protect against DoS attacks.

19.01.2026 16:20 — 👍 12    🔁 10    💬 0    📌 1

Predator spyware demonstrates troubleshooting, researcher-dodging capabilities
Predator spyware operators have the ability to recognize why an infection failed, and the tech has more sophisticated capabilities for averting detection than previously known, according to research p...

Predator spyware demonstrates troubleshooting, research-dodging capabilities cyberscoop.com/predator-spy...

14.01.2026 20:04 — 👍 10    🔁 7    💬 0    📌 0

NoName057(16) and DDoSia Project Analysis: Russia's Most Persistent Hacktivist Operation
Threat actor card of NoName057(16)

NoName057(16) and DDoSia Project Analysis: Russia’s Most Persistent Hacktivist Operation
socradar.io/blog/noname0...
New SOCRadar Whitepaper Reveals the Inner Workings of DDoSia and Pro-Russian Cyber Aggression

08.01.2026 13:06 — 👍 3    🔁 1    💬 0    📌 0

GRU-Linked BlueDelta Evolves Credential Harvesting
Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.

Recorded Future’s Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a Russian state-sponsored threat group associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
www.recordedfuture.com/research/gru...

08.01.2026 13:09 — 👍 4    🔁 2    💬 0    📌 0

GRU-Linked BlueDelta Evolves Credential Harvesting
Insikt Group reveals how GRU-linked BlueDelta evolved credential-harvesting campaigns targeting government, energy, and research organizations across Europe and Eurasia.

Today, we released new @RecordedFuture research detailing BlueDelta’s expanded credential-harvesting activity observed between February and September 2025. #BlueDelta #APT28 #FANCYBEAR #ForestBlizzard #FROZENLAKE #ITG05 #PawnStorm #Sednit #Sofacy #TA422 (1/5) www.recordedfuture.com/research/gru...

07.01.2026 15:39 — 👍 7    🔁 5    💬 1    📌 0

BlueDelta’s Persistent Campaign Against UKR.NET
Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.

Recorded Future’s Insikt Group identified a sustained credential-harvesting campaign targeting users of UKR.NET. The activity is attributed to the Russian state-sponsored threat group | www.recordedfuture.com/research/blu...

18.12.2025 12:09 — 👍 7    🔁 4    💬 0    📌 0

ALT: two men are sitting in front of a crowd talking about strategy
18.12.2025 08:56 — 👍 2    🔁 0    💬 0    📌 0

Local hackers and Russian-speaking cyber criminals stretching UK responses
UK law enforcement must combat a diversifying array of cyber threats in the face of limited resources and a rapidly evolving cyber landscape

In their latest for Binding Hook, @nca-uk.bsky.social’s William Lyne and @rusi.bsky.social's @jamiemaccoll.bsky.social look at the challenges facing UK law enforcement as cybercriminals become more diverse at home and abroad: bindinghook.com/local-hacker...

10.12.2025 10:02 — 👍 5    🔁 5    💬 0    📌 0

Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
The Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova, 33, also known as Vika, Tory, and SovaSonya, for her r...

Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups (U.S. Department of Justice): www.justice.gov/opa/pr/justi...

10.12.2025 11:28 — 👍 3    🔁 2    💬 0    📌 0

GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries

1/ @whoisnt.bsky.social, Marius, and I just published a report on #GrayBravo (formerly TAG-150), a highly adaptive, sophisticated threat actor that we first identified in Sept 2025. It uses a multi-layered infrastructure and responds quickly to exposure: www.recordedfuture.com/research/gra...

09.12.2025 08:24 — 👍 10    🔁 6    💬 1    📌 1

Recorded Future’s Insikt Group uncovered four GrayBravo activity clusters. TAG-160 impersonates logistics firms, while TAG-161 impersonates Booking.com, employing ClickFix to deliver CastleLoader and Matanbuchus. www.recordedfuture.com/research/gra...

09.12.2025 11:25 — 👍 6    🔁 5    💬 0    📌 0

"There is a lack of consensus regarding the current state of AI malware maturity."

So we put together #AIM3 to help #malware researchers describe the maturity level of an #AI_Malware Threat.
www.recordedfuture.com/blog/ai-malw...

06.12.2025 03:23 — 👍 3    🔁 2    💬 0    📌 0

⚠️ New victims of Predator #spyware identified, with malicious TikTok links revealing new targets, and evidence showing 🇪🇬Egypt & 🇸🇦Saudi clients still active.

➡️ Ad-based infections confirmed.

➡️ Leaked files & investigation expose post-sanctions Intellexa operations.

www.haaretz.com/israel-news/...

04.12.2025 06:02 — 👍 6    🔁 7    💬 1    📌 2

To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...

And check out the companion blog post by @amnestyuk.bsky.social tech with a detailed peek into Intellexa's setup based on leaked materials 👀

Giveaway: Intellexa can observe all of what their gov clients are doing with their hacking tech and more securitylab.amnesty.org/latest/2025/...

04.12.2025 05:03 — 👍 6    🔁 3    💬 1    📌 0

Intellexa’s Global Corporate Web

1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...

04.12.2025 04:17 — 👍 26    🔁 18    💬 2    📌 4

Cyber Monday Deal
Get 6 months of Modat Magnify Pro for just €5 total (save €355).
Use code: MODAT2025CYBERMONDAY
Try the platform. Run advanced queries. Find what others miss.
magnify.modat.io
#CyberMonday #Cybersecurity #OSINT

01.12.2025 10:51 — 👍 1    🔁 1    💬 0    📌 0

1/ United States, Australia, and United Kingdom sanction Russian threat activity enabler Media Land (Yalishanda) and follow up on recent designations targeting Aeza. ofac.treasury.gov/recent-actio...

19.11.2025 17:17 — 👍 3    🔁 3    💬 1    📌 0

Great read from @lawrencesec.bsky.social & @whoisnt.bsky.social !

06.11.2025 11:53 — 👍 2    🔁 1    💬 0    📌 0

Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals
Explore how Russia’s cybercriminal ecosystem evolved under Operation Endgame—where state control, selective enforcement, and criminal alliances collide.

Recorded Future just published Dark Covenant 3.0, revealing how global crackdowns and shifting Russian enforcement are reshaping the cybercriminal underground, exposing ties to state actors and turning cybercrime into a geopolitical tool: www.recordedfuture.com/research/dar...

22.10.2025 14:26 — 👍 7    🔁 7    💬 0    📌 0

Great work by my colleague, @lawrencesec.bsky.social ! He dives deep into the systemic flaw where "neutral" internet governance lets sanctioned ISPs evade restrictions and continue supporting #cyberattacks and #disinformation. A must-read on the infrastructure gap. 👇

21.10.2025 08:45 — 👍 5    🔁 1    💬 0    📌 0

BIETA: A Technology Enablement Front for China's MSS
Discover how China's Ministry of State Security (MSS) almost certainly operates BIETA and its subsidiary CIII as public fronts for cyber-espionage, covert communications, and technology acquisition. C...

Recorded Future just published a report diving into the Beijing Institute of Electronics Technology and Application (BIETA), which is almost certainly a front for China’s MSS, developing technologies to support intelligence and military missions. Full report: www.recordedfuture.com/research/bie...

07.10.2025 20:04 — 👍 18    🔁 14    💬 0    📌 2

👋 Don't miss the first Colloquium session tomorrow!

📌 Mythical Beasts and Where to Find Them: Diving into the Depths of the Global Spyware Market
💡 Jen Roberts (@cyberstatecraft.bsky.social) & @julianferdinand.bsky.social (Recorded Future)
🗓️ October 2, 2025
🕓 16:00 – 17:00 CET

01.10.2025 13:03 — 👍 4    🔁 4    💬 1    📌 0

Recorded Future's Insikt Group reports CopyCop, also tracked as Storm 1516, expanding in 2025, adding at least 200 new fictional media websites targeting the United States, France and Canada and using self-hosted LLMs. www.recordedfuture.com/research/cop...

18.09.2025 09:09 — 👍 2    🔁 2    💬 0    📌 0

I'm excited to speak at #VB2025 later this week! I'll be diving into TAG-124, a group whose services are leveraged by a wide range of actors, from cybercriminals to state-sponsored groups. Hit me up if you are in town!

www.virusbulletin.com/conference/v...

22.09.2025 08:23 — 👍 18    🔁 9    💬 0    📌 1

UK sanctions Georgia-linked supporters of Putin’s illegal war in Ukraine
The UK has announced new sanctions targeting Georgia-linked supporters of Putin’s illegal war in Ukraine.

The UK has sanctioned Aeza International, citing its involvement in destabilising Ukraine by providing internet services to Russian disinformation campaigns. This follows OFAC sanctions in July. www.gov.uk/government/n...

22.09.2025 15:48 — 👍 2    🔁 1    💬 0    📌 0

Really excited to present at #LABScon25 on ChamelGang’s most recent campaign targeting the Taliban, a collaborative research project with @milenkowski.bsky.social (SentinelLABS) and @azaka.fun (TeamT5)! www.labscon.io/speakers/jul...

16.09.2025 13:49 — 👍 5    🔁 3    💬 0    📌 0

Great blog post from @briankrebs.infosec.exchange.ap.brid.gy on #StarkIndustries. Makes a great point by highlighting its links to MIRHosting. Where there are Dutch prefixes under these providers, there is usually always MIRHosting upstream.

11.09.2025 18:32 — 👍 4    🔁 3    💬 1    📌 0

Insikt Group identifies a new threat actor, TAG-150, active since at least March 2025. Its multi-layered infrastructure is used to deploy likely self-developed malware families, including CastleLoader, CastleBot, and the newly documented CastleRAT. www.recordedfuture.com/research/fro...

08.09.2025 08:33 — 👍 4    🔁 3    💬 0    📌 0

Recorded Future has spotted two influence operations around the recent India-Pakistan military conflict from May.

The networks are tracked as Hidden Charkha (pro-India) and Khyber Defender (pro-Pakistan).

www.recordedfuture.com/research/inf...

07.09.2025 11:24 — 👍 5    🔁 4    💬 0    📌 0

Should be all fixed now :-)

05.09.2025 18:31 — 👍 0    🔁 0    💬 0    📌 0

@calwarez is following 20 prominent accounts