X_Hunt3r

@x-hunt3r.bsky.social

Threat Hunting & Research, Network Forensics | Principal Threat Analyst @ Recorded Future | "Undesirable" | Member CuratedIntel | Views and opinions are my own

244 Followers  |  59 Following  |  6 Posts  |  Joined: 24.10.2023

Latest posts by x-hunt3r.bsky.social on Bluesky

Saher's first blog on the scourge that is ClickFix usage in the espionage space!!

Had to sneak in the UNK_RemoteRogue RDP shenanigans as well - a thus far unattributed group we assess to be Russia-aligned, using a pretty fun set of email tactics

17.04.2025 12:22 — 👍 17    🔁 7    💬 1    📌 0

Attention!

Check your Compromised Website Report for critical events tagged “fortinet-compromised” and follow Fortinet's mitigation advice on compromised devices:

fortinet.com/blog/psirt-b...

Data available from 2025-04-11+

shadowserver.org/what-we-do/n...

12.04.2025 12:15 — 👍 14    🔁 10    💬 3    📌 1

Snoop, a Romanian investigative journalism outlet, has linked an online advertising company named AdNow to intelligence officials from Russia's FSB and SVR services

snoop.ro/pe-urmele-ba...

04.03.2025 14:15 — 👍 79    🔁 34    💬 1    📌 0

Our 2024 Malicious Infrastructure Report showcases the results of our detections across hundreds of malware families and threat actors, revealing victims in 200+ countries and highlighting the global scale of cyber threats.
Blog: www.recordedfuture.com/research/202... (1/10)

28.02.2025 15:03 — 👍 10    🔁 6    💬 1    📌 1

Preview: Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication. Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack cam...

@volexity.com recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: www.volexity.com/blog/2025/02...

#dfir #threatintel #m365security

13.02.2025 22:39 — 👍 34    🔁 20    💬 2    📌 7

New Insikt Report just landed: RedMike AKA Salt Typhoon targeting of Global Telcos.
www.recordedfuture.com/research/red...

13.02.2025 10:25 — 👍 5    🔁 1    💬 0    📌 0

Preview: 100 Days of Yara, Yara Rule Tips and The Current State of Email-borne Threats with Greg Lesnewich. Yara is one of the most versatile tools in cyber security. Come learn about creating effective and efficient rules with the creator of the 100 Days of Yara, ...

🔥 Live streams resume this week! Greg Lesnewich joins us to talk about 100 Days of Yara, some Yara rule tips and the current state of email-borne threats!

https://buff.ly/4gukMSN

๐Ÿ—“๏ธ Thursday at 2pm CST

10.02.2025 19:01 — 👍 13    🔁 5    💬 0    📌 2

Preview: Ukrainian military considering creation of new cyber army branch. Ukrainian military, lawmakers, and experts discussed the creation of a separate branch of Ukraine's Armed Forces dedicated to cyberspace operations, the General Staff said on Oct. 24.

Ukrainian military officials, lawmakers, and experts are discussing the creation of a separate branch of Ukraine's Armed Forces dedicated to cyberspace operations, according to the General Staff of Ukraine.
kyivindependent.com/ukraine-cons...

28.01.2025 16:32 — 👍 3    🔁 1    💬 0    📌 0

Preview: "Crazy Evil" Cryptoscam Gang: Unmasking a Global Threat in 2024. Explore how the "Crazy Evil" cryptoscam gang operates, infecting thousands worldwide with infostealer malware. Learn how its tactics pose a threat to the Web3 ecosystem and digital asset security.

New report! Check it out.

This research examines the operations of Crazy Evil — a Russian-speaking “traffer team” and cryptoscam gang — which has victimized thousands of people with infostealer malware.

Blog: www.recordedfuture.com/research/cra...

PDF: go.recordedfuture.com/hubfs/report...

23.01.2025 16:42 — 👍 13    🔁 4    💬 1    📌 0

Preview: Tracking Adversaries: Ghostwriter APT Infrastructure. CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security

New Blog! Tracking Adversaries: Ghostwriter APT Infrastructure 🇧🇾

blog.bushidotoken.net/2025/01/trac...

20.01.2025 10:35 — 👍 15    🔁 6    💬 0    📌 0

Great work!

14.01.2025 12:56 — 👍 1    🔁 0    💬 0    📌 0

Preview: UK domain giant Nominet confirms cybersecurity incident linked to Ivanti VPN hacks. Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability. In an email to customers, seen by TechCrunch, Nominet…

UK domain giant Nominet confirms cybersecurity incident linked to Ivanti VPN hacks

13.01.2025 12:20 — 👍 23    🔁 10    💬 1    📌 0

Preview: Unveiling Russian Surveillance Tech Expansion in Central Asia and Latin America. A new report by Recorded Future’s Insikt group finds that countries across Central Asia and Latin America are increasingly basing their digital surveillance practices on Russia's System for Operative ...

New report! Check it out.

This research examines the global proliferation of Russian surveillance technologies, their use by repressive governments, and possible data-sharing with Russian intelligence.

Blog: www.recordedfuture.com/research/tra...

PDF: go.recordedfuture.com/hubfs/report...

07.01.2025 16:47 — 👍 10    🔁 8    💬 2    📌 1

Preview: DOOM® CAPTCHA. Prove you're human by playing DOOM

DOOM-based CAPTCHA system

doom-captcha.vercel.app

02.01.2025 16:58 — 👍 69    🔁 20    💬 9    📌 4

Preview: Russia's Sovereign RuNet: A Challenge to the Cybercrime Underworld? In this blog, we will explore the extent to which the legislative and technical evolutions of the RuNet have impacted the Russian-speaking..

Russia's 'Sovereign Runet' initiative aims to isolate its internet from the global web, posing significant challenges to the cybercrime underworld that thrives on international connectivity. #CyberSecurity #Runet
www.cybercrimediaries.com/post/russia-...

17.12.2024 09:06 — 👍 10    🔁 5    💬 1    📌 0

Preview: China’s Propaganda Expansion: Inside the Rise of International Communication Centers (ICCs). China's ICCs reshape global propaganda via targeted messaging, social media, and influence networks to amplify the Communist Party's voice globally.

New report! Check it out.

This research examines the role of Chinese international communication centers (ICCs) in amplifying propaganda via inauthentic social media activity, foreign influencers, and more.

Blog: www.recordedfuture.com/research/bre...

PDF: go.recordedfuture.com/hubfs/report...

10.12.2024 16:13 — 👍 6    🔁 3    💬 1    📌 0

Great to be back at Cyber Threat for a third year. Awesome talks, great networking, and a very fresh and fun CTF. #cyberthreat24

10.12.2024 16:27 — 👍 2    🔁 0    💬 0    📌 0

Preview: BlueAlpha Leverages Cloudflare Tunnels for GammaDrop Infrastructure. BlueAlpha, a Russian cyber group, uses Cloudflare Tunnels to deploy GammaDrop malware, escalating challenges in targeting Ukrainian entities.

🚨 New Report Alert: Insikt Group has uncovered #BlueAlpha, a Russian FSB-linked threat group overlapping with #Gamaredon, conducting a cyber-espionage campaign against Ukrainian targets. www.recordedfuture.com/research/blu...

05.12.2024 16:30 — 👍 4    🔁 3    💬 0    📌 0

@milenkowski.bsky.social and I are looking forward to presenting together at #CyberThreat2024 in London next month. We'll be discussing China-nexus APTs engaging in cybercriminal activities like ransomware.

25.11.2024 16:20 — 👍 8    🔁 4    💬 0    📌 0

Looking for more people to follow on BlueSky? Find the @curatedintel.bsky.social folks here: go.bsky.app/Kfp62Uh

18.11.2024 16:11 — 👍 28    🔁 17    💬 3    📌 1

Preview: Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY. TAG-110, a Russia-aligned threat group, targets organizations across Asia and Europe using HATVIBE and CHERRYSPY malware for espionage. Learn how Recorded Future's analysis uncovers the group’s tactic...

A new TAG-110 report, including victimology and recent C2 infrastructure, has just landed. #TAG110 #BlueDelta #APT28 www.recordedfuture.com/research/rus...

21.11.2024 15:37 — 👍 5    🔁 0    💬 0    📌 0

Image: Screengrab of search results in Bluesky for the handle "bbcnews". It shows a list of accounts all of which could be the real BBC news, but it's unclear.

As we're in this rapid growth of @bsky.app, not only are we going to see accounts impersonating high profile individuals, but critically, impersonating high reputation news sources.

All it would take is some imaginative "Breaking News" to hit public confidence.

Can the real BBC News please stand up?

19.11.2024 08:04 — 👍 5    🔁 3    💬 0    📌 0

Image: two men are standing next to each other with the words "we open it up" on the screen

#PIVOTcon25 registration is now OPEN 🤟📥📥📥
pivotcon.org
#CTI #ThreatResearch #ThreatIntel
Please read carefully the whole 🧵 for the rules about invite -> registration (1/5)

19.11.2024 14:00 — 👍 42    🔁 22    💬 2    📌 11