Daniel Lunghi @thehellu - Bluesky Profile

Latest posts by thehellu.bsky.social on Bluesky

Orange Cyberdefense saw the same threat and named the ransomware "NailaoLocker" orangecyberdefense.com/global/blog/.... They share interesting thoughts on the motivations of the ransomware deployment, although they don't have the final answer. We also saw no financial gain for the threat actor

20.02.2025 09:39 — 👍 0 🔁 0 💬 0 📌 0

For incident responders, remember to retrieve the volume serial number where #Shadowpad was deployed, since it is used to encrypt the payload in the registry. Those serial numbers can also be found in LNK and Prefetch files in case you don't have live access to the host anymore

20.02.2025 09:39 — 👍 0 🔁 0 💬 1 📌 0

We released a report on an updated version of #Shadowpad including anti-debugging features and new configuration structure, that in some cases deploy a custom ransomware family. We have mainly seen the manufacturing industry being targeted in Europe and Asia www.trendmicro.com/fr_fr/resear...
#APT

20.02.2025 09:39 — 👍 6 🔁 3 💬 1 📌 0

China : Chinese firm behind hacking operations against Uyghurs and Tibetans unveiled Intelligence Online has established a link between a Chinese public security ministry contractor and recent IT hacking operations carried out in China and abroad against the two minorities, reviled

Intelligence Online links the MOONSHINE framework that we discussed in our Earth Minotaur report (www.trendmicro.com/en_us/resear...) to a Chinese company www.intelligenceonline.com/surveillance... (article is free but needs registration to access it). Happy new year UPSEC ! 😘

29.01.2025 10:08 — 👍 9 🔁 11 💬 1 📌 0

Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

Since Aug 2024 Earth Koshchei (APT29, Midnight Blizzard) used 193 RDP relays and 34 rogue backends against military, MFAs and others. The campaign peak was likely preceded by barely audible campaigns that ended with a bang in Oct 2024. Details and indicators here: www.trendmicro.com/en_us/resear...

17.12.2024 08:33 — 👍 8 🔁 7 💬 0 📌 0

Attack chain showing attacker generating link on Moonshine, then sending it through targeted application to the victim, which after clicking the links gets compromised and delivered the DarkNimbus backdoor

Validation flow that fingerprints the target by looking at user agent and delivering the proper exploit

multiple Chrome vulnerabilities exploited in the third-party applications

List of Android applications being targeted Most are very popular in South East Asia

Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android apps described in 2019 by
@citizenlab.ca
leveraging vulnerabilities in applications embedding old versions of Chromium trendmicro.com/en_us/resear...

05.12.2024 08:48 — 👍 12 🔁 7 💬 0 📌 2

@thehellu is following 20 prominent accounts

hakan
@hatr

reporter covering cyber (both crime and state-sponsored) for Der Spiegel and ZDF, short overview at https://linktr.ee/hakantanriverdi, Signal: hakan.25

Hague TIX
@haguetix

The Hague Threat Intelligence Exchange (Hague TIX) conference by @thehagueprogram - back on 10 June 2025 for #HagueTIX2025! --> www.hague-tix.nl

Gabriel Thierry
@gabrielthierry

Journaliste, aux manettes de la newsletter cybercrime Pwned | gabrielthierry@protonmail.com https://linktr.ee/gabrielthierry

Zion Leonahenahe Basque
@mahal0z

Native Hawaiian Hacker | Prev Co-captain of @Shellphish | PhD Student in Comp Sci @ASU l Decompiler Research | https://mahaloz.re

vx-underground
@vxundg-ported

Ported vx-underground from twitter. vx-staff: if you want me to take it down, pm me i'm not using to impersonate you!

Alex Matrosov
@matrosov

The Citizen Lab
@citizenlab.ca

Research and development at the intersection of cyberspace, global security, and human rights. Based at Munk School of Global Affairs & Public Policy, University of Toronto.

@hasherezade

Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc) ; https://hasherezade.net

Ivan Kwiatkowski
@justicerage

Security Researcher @Meta. Writer. Would-be musician. Maintainer of Manalyze and Gepetto. Trolling on a purely personal capacity.

Hexacon
@hexacon

Offensive security conference in the heart of Paris. 10-11th October 2025 https://www.hexacon.fr/

World Watch OCD
@ocdworldwatch

World Watch CTI team from Orange Cyberdefense https://www.orangecyberdefense.com/global/offering/managed-services/threat-and-risk-management/world-watch

Stephen Hilt
@sjhilt.hilt.zip

Threat Researcher @TrendMicro, waffle maker, and dad. My statements and opinions are my own and do not reflect my company.

Mark Kelly
@mkyo

🇨🇳 Threat Research at Proofpoint

Silas Cutler
@silascutler

You may know me from your server logs. Malware, Hacks, Internet Scanning, CTI w00w00, Censys, IST

Greg Walton
@jamyang.net

gab 🇺🇦🇵🇸
@gabagool.ing

fka @gabbyroncone on twitter. mission tech lead for RU & Eastern European APT ops @Google. views expressed here are mine, not my employer’s. she/her.

Pasquale Stirparo 🇺🇦 🇪🇺
@pstirparo

#ThreatIntel #ICS #DFIR; ''Learning iOS Forensics'' author; #BSidesZH #BSidesBE #PIVOTcon org. @pivotcon.bsky.social https://pstirparo.ch twitter.com/pstirparo Related interests/obsessions: #ThreatHunting #CTI #YARA #CriticalThinking #Books #Obsidian

Nithin Coca
@nithincoca.com

Asia-focused (🇯🇵🇲🇾🇮🇩 & Tibet) award winning global journalist covering environment, climate, Human Rights & supply chains. DM for Signal 🔑 📍Japan, sometimes California or Indonesia Mastodon: https://social.coop/@ncoca Contact: nithincoca.com

Luke Jenkins
@lukejenx

Malware/Russia guy at Google

@qutluch

When these frail shadows we inhabit now have quit the stage, we'll meet and raise a glass again together in Valhalla.