's Avatar

@adorais.bsky.social

Manager, APT Research Team @ Proofpoint

71 Followers  |  118 Following  |  10 Posts  |  Joined: 12.12.2024  |  1.6357

Latest posts by adorais.bsky.social on Bluesky

Multiple reports have documented specific TA397 campaigns, this one takes a holistic look at the group's activity and puts forward attribution elements pointing towards Indian state interests alignment.

Stellar work by @nickattfield.bsky.social and @threatray.bsky.social's researchers

06.06.2025 13:58 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

We assess the motivation was to better understand the appetite to continue fighting against the RU invasion and assess the medium-term outlook of the conflict.

Great work by @greg-l.bsky.social @saffronsec.bsky.social and @mkyo.bsky.social !

13.05.2025 14:08 โ€” ๐Ÿ‘ 2    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
TA406 Pivots to the Front | Proofpoint US What happenedย  In February 2025, TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these

New Proofpoint blog alert

We observed DPRK actor TA406 (overlaps w/ Opal Sleet/Konni) targeting government entities in Ukraine in early 2025:

www.proofpoint.com/us/blog/thre...

13.05.2025 14:08 โ€” ๐Ÿ‘ 7    ๐Ÿ” 2    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

Personal bias aside, that is still a must-read. Impressive work by @saffronsec.bsky.social grouping together multiple campaigns to provide a comprehensive view of APT state-sponsored actors using ClickFix. Here's to your first blog with us! ๐Ÿฅ‚

17.04.2025 19:07 โ€” ๐Ÿ‘ 2    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Great team collab by @saffronsec.bsky.social
@mkyo.bsky.social @greg-l.bsky.social and Josh Miller ๐Ÿค

17.04.2025 19:00 โ€” ๐Ÿ‘ 4    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Today, we release a new blog that highlights how state-sponsored groups from North Korea, Iran, and Russia were all seen using the ClickFix technique in their routine activity. We also release key IOCs for all campaigns. Happy hunting!

17.04.2025 19:00 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
Preview
Around the World in 90 Days: State-Sponsored Actors Try ClickFix | Proofpoint US Key Findings While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social

๐ŸŽฏNew Proofpoint research: Around the World in 90 Days: State-Sponsored Actors Try ClickFix ๐ŸŽฏ
www.proofpoint.com/us/blog/thre...

In 2024 we released two blogs on cybercrime actors using ClickFix in their attack chains:
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...

17.04.2025 19:00 โ€” ๐Ÿ‘ 2    ๐Ÿ” 1    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

Network iocs:
academymusica[.]com
samsnewlooker[.]com
jacknwoods[.]com
38.180.142[.]228
96.9.215[.]155

17.12.2024 15:24 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Post image

Hot off the press - new report on TA397 (aka Bitter) by Proofpoint's Threat Research team
- Targeted the Turkish defense sector in Fall 2024
- Uses Alternate Data Streams in RAR archives

www.proofpoint.com/us/blog/thre...

17.12.2024 15:24 โ€” ๐Ÿ‘ 3    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

Developing story - attack against #BGP peers of a European telco. The malicious emails impersonated that same telco and included the ASN of each recipient in the subject line.
The emails contained a password-protected RAR attachment with the malicious payload.

12.12.2024 21:21 โ€” ๐Ÿ‘ 5    ๐Ÿ” 3    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Post image Post image Post image

since I'm cold and missing #OBTS I wanted to reflect on what
@jacoblatonis.me and Tomas have gifted us with the YARA-X Macho module

the OG YARA macho parsing left a lot to be desired, and the new YARA-X ver has all sorts of goodies

12.12.2024 20:26 โ€” ๐Ÿ‘ 19    ๐Ÿ” 8    ๐Ÿ’ฌ 2    ๐Ÿ“Œ 0

@adorais is following 19 prominent accounts