Intel 471

The disruption of the XSS cybercrime forum marked one of the most significant events in cybercrime in 2025. Here's an assessment its future from Intel 471's research and analysis teams:
www.intel471.com/blog/after-d...

A new episode of our Cybercrime Exposed podcast is out! DukeEugene is a Russian Android malware dev who has a big problem, and he puts everything on the line to solve it. Link to pod here: www.intel471.com/resources/po...

YouTube video by Intel 471 Defending against doxing ft. Jacob Larsen, Threat Researcher, Offensive Security Lead, CyberCX

Jacob Larsen is an #infosec pro who was involuntarily pulled into the dark world of doxing. Intel 471's latest Studio 471 podcast speaks with Jacob about doxing's effects, how sites like Doxbin exploit legal loopholes and how to defend against being doxed.
www.youtube.com/watch?v=y5AO...

Pro-Russian hacktivism: Shifting alliances, new groups and risks Pro-Russian hacktivism campaigns continued to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and…

Pro-Russian hacktivism campaigns continue to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and the risks. #infosec intel471.com/blog/pro-rus...

A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator The leader of the Black Basta ransomware group employed a trusted, experienced cybercrime actor nicknamed Tinker who he relied on for phishing content,…

The Black Basta ransomware gang contracted a person with the nickname Tinker. Tinker came from Conti and had a knack for running call centres, writing phishing emails and ransom negotiations. More here from Intel 471's Adversary Intelligence team. intel471.com/blog/a-look-...

DanaBot malware disrupted, threat actors named The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.

Law enforcement has smashed DanaBot, a data-stealing workhorse administered in Russia and sold to cybercriminals that also had a second, side version likely used for nation-state cyberespionage. Here's Intel 471's in-depth look at its operations. #infosec
intel471.com/blog/danabot...

How an alleged Russian hacker slipped away Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia —…

Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia — despite his anti-Russian views. Research by @intel471.bsky.social #infosec intel471.com/blog/how-an-...

Zservers: Bulletproof hosting for online crime Russia-based bulletproof hosting service Zservers was exposed and hit with sanctions. But there are signs it may not have been permanently disrupted.

Russia-based bulletproof hosting service Zservers was breached, doxxed and sanctioned, but there are signs this cybercrime and ransomware service provider may not be finally done. New research from Intel 471. #infosec intel471.com/blog/zserver...

Cheers, Davey!

Black Basta exposed: A look at a cybercrime data leak Black Basta suffered a leak of 197,000 internal chats messages, which has exposed critical details about how this damaging ransomware gang operated,…

The Black Basta data leak exposed critical details about how this damaging ransomware gang operated, including how its top member claims to have eluded law enforcement. New blog here: intel471.com/blog/black-b... #infosec

DeepSeek is just the start. China has approved more than 117 LLMs since August 2023 that are all rapidly maturing in capability. Intel 471's Analysis and Cyber Geopolitical Intelligence teams explain here what this means for enterprise risk. #infosec intel471.com/blog/does-de...

How threat actors are using artificial intelligence Artificial intelligence is a red-hot mess, filled with contradicting predictions over whether it will bring vast benefits. In this Studio 471, Ashley Jess…

Intel 471's very own Senior Intelligence Analyst Ashley Jess has been closely following cybercriminal use and interest in AI. This was a pre-record before DeepSeek popped but it is a great discussion about the potential threats and risks. #infosec intel471.com/blog/how-thr...

Clop, a ransomware/extortion group that targets file transfer systems, revealed the names of 59 businesses that allegedly were impacted by the Cleo vulnerabilities and refused to pay. The group claimed their data will be publicly released on Saturday, with another list to come on Tuesday. #infosec

Cybercrime Exposed Podcast: Raccoon Stealer Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.

Ep. 8 of @intel471.bsky.social's Cybercrime Exposed podcast covers Raccoon Stealer, which was a popular and damaging infostealer. But its operator made a critical OPSEC error. Thanks to @crep1x.bsky.social of @sekoia.io. #infosec Full series on Apple and Spotify.
intel471.com/resources/po...

These phishing sites, which then harvest personal and financial data, lure people with too-cheap products. Intel 471 saw one campaign that created at least 20 fake sites for a major outdoor retailer. Entered data is sent off to a domain registered with a Chinese registrar. #infosec

Hundreds of fake websites have been registered over the last few days spoofing real brands containing "Black Friday" related keywords. These sites are often promoted through SEO tricks and search engine/social media ads. This one was at samsoniteblackfriday[.]shop.
#infosec

How to Defend Against Alleged Snowflake Attacker ‘Judische’ The threat actor behind the compromise of more than 165 organizations using Snowflake credentials stolen by infostealers has reportedly been detained.…

The breaches linked to customers of Snowflake marked one of the largest data breach waves of 2024. One of the alleged threat actors has been arrested in Canada. This blog is a deep dive into the Com-related threat actor "waifu" or @judische. #infosec
intel471.com/blog/how-to-...

Threat Hunting Case Study: Uncovering Turla Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group…

Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group and others. Here's how to threat hunt for this behavior. #infosec intel471.com/blog/threat-...

Will Processing CTI Become Legally Risky? In this Studio 471, Peter Swire discusses the regulatory environment, how it could impact the use of cyber threat intelligence and what could be done to…

Will processing cyber threat intelligence become illegal? Here's a discussion with professor Peter Swire about how data protection schemes can potentially clash with better cybersecurity defences. This is part of @intel471.bsky.social's interview series. #infosec intel471.com/blog/will-pr...

Are Telegram's New Policies Spooking Cybercriminals? Telegram will now divulge IP addresses and phone numbers in response to valid legal requests. Some cybercriminals are planning to leave Telegram. We…

We're fielding questions about how Telegram's pledge to turn over phone numbers and IP addresses under valid legal orders will impact visibility into cybercrime. Here's our assessment: intel471.com/blog/are-tel... #infosec

Russia is a hotbed of cybercriminal activity. Intel 471's Studio 471 podcast spoke with Alec Jackson, an analyst for the U.S. Department of Defense, about why and what the West could do to try to deter it. His answers may surprise.
intel471.com/blog/why-rus...

France vs. Telegram: What Does it Mean for Cybercrime? France indicted Telegram CEO Pavel Durov for an alleged failure to cooperate to stop criminal activity on the platform. Intel 471 analyzes how this may…

Here is Intel 471's analysis of what effect France's action against Telegram will have on cybercriminal use of the platform, which has been rising for a number of years for a number of reasons. #infosec
intel471.com/blog/france-...

Cybercrime Exposed Podcast: Tank In 2006, a new type of malware appeared on the scene. Its name was Zeus. It was enormously profitable for its cybercriminal developers, who used it to…

@intel471.bsky.social's Cybercrime Exposed podcast is back! It's a wild episode about Vyacheslav Penchukov aka "Tank," a Ukrainian threat actor who ran a gang that made at least $70 million through truly organized cybercrime. intel471.com/blog/cybercr...

Introducing the CTI Capability Maturity Model, a resource for… The CTI Capability Maturity Model (CTI-CMM) is an easy to use, vendor-neutral model that promotes a “stakeholder-first” approach to building a mature CTI…

Intel 471 collaborated with great minds in the CTI industry to develop the Cyber Threat Intelligence Capability Maturity Model. It's a methodical way to build a CTI program that establishes focus, satisfies stakeholders and improves security outcomes. intel471.com/blog/introdu...

Threat Actors Target Gift Card Issuing Systems ATLAS LION is a threat actor group that uses phishing to gain access to gift-card issuing systems and then generates fraudulent cards.

Intel 471 analyzed recent phishing campaigns by ATLAS LION, a group that specializes in compromising companies gift-card issuing systems. This group is skilled at attacker-in-the-middle phishing, spoofing IDPs and navigating cloud infrastructure.
intel471.com/blog/threat-...

Cyber Threat Landscape: 2024 Paris Olympic Games The infrastructure behind the 2024 Summer Olympics is vast, providing a large potential attack surface. Here's an overview of the threat landscape.

Our intelligence analysis team has written a cyber threat assessment of the Paris Olympic Games, covering how the Games could be impacted hacktivism, nation-state actors, ongoing geopolitical turmoil and financially motivated threat actors.
intel471.com/blog/cyber-t...

What lies ahead now after law enforcement's epic p0wning of LockBit, the No. 1 ransomware gang? Here's an analysis from Intel 471's great intelligence team. #infosec
intel471.com/blog/what-li...

Medibank’s Attacker: IT Businessman, Claimed Psychologist and Alleged… Australia has accused Aleksander Ermakov of one of the country's largest data beach and extortion attacks. Intel 471 has compiled a deep profile Ermakov…

Australia accused 33-year-old Russian Aleksandr Ermakov of the Medibank data breach and extortion attempt. Intel 471 has compiled a profile of Ermakov and his long-known links to cybercrime and ransomware. It's a good read. #infosec
intel471.com/blog/mediban...

Cybercrime Exposed Podcast: Social Engineering In this episode of Cybercrime Exposed, Bluma Janowitz, a social engineer and red team agent, describes two of her engagements to test an organization’s…

@x25princess.bsky.social is a social engineer and red teamer. She does discreet Wi-Fi scans, tries to get into buildings and does USB drops. Would you fall for the tricks? Listen to Ep. 3 of @intel471.bsky.social's Cybercrime Exposed podcast. #infosec

intel471.com/blog/cybercr...

Malaysian Police Disrupt ‘The Phisherman’ Malaysian police disrupted a massive phishing-as-a-service operation called BulletProftLink that Intel 471 has been tracking. Here’s why that’s important for enterprise security.

Malaysian police have disrupted a massive phishing-as-a-service operation that was the focus of Ep. 1 of our Cybercrime Exposed podcast. Here's the low-down on the threat it posed for enterprise security. #infosec intel471.com/blog/malaysi...