
Liam

@liammalcolm.com.bsky.social

Senior Cyber Threat Intel Analyst. Interest and experience in policing, intelligence, geopolitics and security. Former Special Constable. www.liammalcolm.com

77 Followers  |  294 Following  |  25 Posts  |  Joined: 09.10.2023  |  1.5926

Latest posts by liammalcolm.com on Bluesky

Cato CTRL™ Threat Actor Profile: IntelBroker In June 2025, IntelBroker was charged by the U.S. for stealing and selling stolen data. Cato CTRL summarizes the digital forensics techniques used to track and arrest IntelBroker.

www.catonetworks.com/blog/cato-ct...

A fascinating read, some of the opsec errors are particularly eye opening.

05.08.2025 08:58 — 👍 0    🔁 0    💬 0    📌 0

I’ll never tire of watching the hope fade from people’s eyes when they start trying to use Eurostar Wi-Fi.

16.07.2025 18:05 — 👍 0    🔁 0    💬 0    📌 0
Your friend is sharing Vivaldi with you! Explore a powerful browser designed to give you control of the Internet. Personalize Vivaldi to fit your browsing style and needs.

Check out Vivaldi, the browser I'm using: vivaldi.com/invite

03.07.2025 19:06 — 👍 0    🔁 0    💬 0    📌 0

Amsterdam, I’m a big fan.

19.06.2025 19:09 — 👍 0    🔁 0    💬 0    📌 0

Yeah, I never thought about it that way before. That article genuinely shocked me!

13.06.2025 16:30 — 👍 2    🔁 0    💬 0    📌 0

This is a terrifying read.

13.06.2025 15:41 — 👍 1    🔁 0    💬 1    📌 0

What are people using for SIEM/EDR/XDR/etc on home lab devices installed on separate networks?

09.06.2025 18:00 — 👍 0    🔁 0    💬 0    📌 0

Bucharest is exquisite in the sun.

18.05.2025 13:52 — 👍 0    🔁 0    💬 0    📌 0

Zendesk now has a dark mode and I am a bit too excited about it!

14.05.2025 14:21 — 👍 0    🔁 0    💬 0    📌 0

Watching an argument between a customer service worker and two travellers. Raised voices etc. The employee has said she won’t assist if the travellers continue to raise their voice and walked away. A stark contrast to policing!

11.05.2025 14:55 — 👍 0    🔁 0    💬 0    📌 0
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry.

doublepulsar.com/dragonforce-...

Co-op data exfiltrated, including member database.

Shocking to read, feel for the IR team. Disappointed at the lack of communications. Customers are becoming more tech aware, they deserve to be kept updated. And treated like adults.

We need to be more open.

02.05.2025 19:53 — 👍 0    🔁 0    💬 0    📌 0

I agree, and this is where the NCSC should be using their contacts to run briefs for trusted contacts within retail operational security teams. That is not happening, so we're all sharing the same IOCs we've found on Twitter, or have been passed with no context.

02.05.2025 18:55 — 👍 1    🔁 0    💬 0    📌 0

As someone in the retail space, this week has been chaotic.

Although I'm in CTI, I can't share any intelligence as nobody is sharing any intelligence. It's all rumour (RUMINT).

The NCSC really need to take control here, and lead the sharing of intelligence with operational security teams.

02.05.2025 18:23 — 👍 2    🔁 0    💬 1    📌 0
Co-op fends off hackers as police probe M&S cyber attack The firm said the steps it had taken had had a 'small impact' on its call centre.

www.bbc.co.uk/news/article...

Good luck Co-op!

30.04.2025 13:58 — 👍 0    🔁 0    💬 1    📌 0
Marks & Spencer breach linked to Scattered Spider ransomware attack Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as "Scattered Spider" BleepingComputer has learned from...

www.bleepingcomputer.com/news/securit...

Looks like I may have been (kind of) right.

Scattered Spider are a very competent threat group, best wishes to anyone doing IR for M&S.

29.04.2025 08:30 — 👍 0    🔁 0    💬 1    📌 0
M&S stops online orders and issues refunds after cyber attack The firm has stopped taking orders on its website and apps, including for food and clothes.

www.bbc.co.uk/news/article...

No ransomware group have uploaded data to leak sites, that in itself is telling. What threat actors don't routinely ransomware / post to leak sites?

Compare and contrast with the Ahold Delhaize breach which occurred last week.

26.04.2025 09:33 — 👍 2    🔁 0    💬 1    📌 1

It *feels* like it has due to the amount of posters I see across the network. You’re correct with Met and buses, however if a revenue op happens at a larger station then that’ll be BTP and Met, so much more likely to get involved in ticket irregularities.

22.04.2025 20:26 — 👍 1    🔁 0    💬 1    📌 0

Yeah, that’s the Croydon bus incident. Pax refused to cooperate with an RPI which led to a Met PC arrest. PC charged with assault and convicted, I believe then overturned. The Met no longer do fare evasion ops, just TfL who have no powers. I think that’s why evasion is endemic.

22.04.2025 19:53 — 👍 2    🔁 0    💬 1    📌 0

Was this the Croydon bus incident? I used to be a Special Constable with the British Transport Police so I regularly dealt with ticket irregularities (fare evasion). It’s a tricky one to deal with.

22.04.2025 19:37 — 👍 0    🔁 0    💬 1    📌 0

This is fascinating - thank you for sharing.

22.04.2025 19:33 — 👍 0    🔁 0    💬 1    📌 0

Thanks @proton.me, loving your offerings! And your support has been excellent when I've had stupid questions.

21.04.2025 18:05 — 👍 1    🔁 0    💬 1    📌 0

You’ve been wonderful, Bristol

06.04.2025 09:58 — 👍 0    🔁 0    💬 0    📌 0

Confirmed - legacy system popped. No lateral movement. Potentially encrypted passwords.

Well, Oracle, after your hastily issued statement, I’d be surprised if any of your customers trust you again.

Shows the importance of communications in dealing with any breach.

26.03.2025 08:45 — 👍 1    🔁 0    💬 0    📌 0
The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK CloudSEK uncovers a major breach targeting Oracle Cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability. Over 140,000 tenants are impacted, as the attacker demands ransom...

My gut says that a TA did breach a *part* of Oracle, now we wait and see if they do indeed have millions of credentials.

www.cloudsek.com/blog/the-big....

24.03.2025 13:54 — 👍 1    🔁 0    💬 1    📌 0

It's only an "ORB" if it is from the Cheltenham region of UK, otherwise it is just a sparkling botnet

18.11.2024 18:48 — 👍 41    🔁 5    💬 4    📌 0
Asda data breach warning after job cuts from tech team insider 'Asda will get a massive data breach and we all know it'

www.thegrocer.co.uk/news/asda-da...

Offttt

14.11.2024 09:21 — 👍 2    🔁 0    💬 0    📌 0
