Tom Padden

@tpad.bsky.social

Threat intelligence analyst. He/him

93 Followers  |  252 Following  |  4 Posts  |  Joined: 09.10.2023  |  1.5628

Latest posts by tpad.bsky.social on Bluesky

TAG-110 Targets Tajikistan: New Macro Word Documents Phishing Tactics Russia-aligned TAG-110 shifts to .dotm phishing lures in a 2025 campaign against Tajikistan’s public sector, advancing cyber-espionage in Central Asia.

New research from Insikt Group on a phishing campaign targeting Tajikistan attributed to TAG-110, a Russia-aligned threat actor, which overlaps with UAC-0063 and has been associated with APT28 (BlueDelta): www.recordedfuture.com/research/rus...

22.05.2025 17:02 — 👍 5    🔁 2    💬 0    📌 0

17.04.2025 22:26 — 👍 1    🔁 1    💬 0    📌 0

Slabhead

17.04.2025 22:08 — 👍 1    🔁 0    💬 1    📌 0

📣 Oops!... They did it again!!!
61 Talks submitted and so many too good that, once again, we had to increase a bit the number of accepted talks. 🔥

#PIVOTcon25 Agenda is finally here, and the caliber is insane!!! Check it out ➡️ pivotcon.org/agenda-2025/
#CTI #ThreatIntel
Talks and presenters in 🧵⬇️ 1/18

07.03.2025 14:42 — 👍 20    🔁 14    💬 1    📌 5
Heaven 17 - (We Don't Need This) Fascist Groove Thang
YouTube video by whynotandy Heaven 17 - (We Don't Need This) Fascist Groove Thang
06.03.2025 14:40 — 👍 0    🔁 0    💬 0    📌 0

The number of companies providing vulnerabilities to China’s MSS has ballooned to 324, up from 151 in 2023! Most new companies are currently Tier 3. China’s ecosystem of vuln suppliers is frothy.

03.03.2025 21:42 — 👍 18    🔁 11    💬 2    📌 1

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.

Microsoft finds a team within Sandworm has been carrying out widespread initial access operations on behalf of the GRU group and focused on US, UK, Canada and Australia networks over 2024, exploiting Connectwise ScreenConnect and Fortinet FortiClient EMS. www.wired.com/story/russia...

12.02.2025 17:07 — 👍 64    🔁 31    💬 3    📌 1
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation | Google Cloud Blog Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024.

It's the most wonderful timeee of the year:

cloud.google.com/blog/topics/...

09.01.2025 09:36 — 👍 6    🔁 1    💬 0    📌 1

High octane stuff

30.11.2024 09:03 — 👍 1609    🔁 294    💬 58    📌 42
RU APT targeting Energy Infrastructure (Unknown unknowns, part 3) Sandworm is considered one of the most advanced Russian APT groups, responsible for attacks on the Energy infrastructure of its neighbors. This blog will show a few techniques we use to track their p...

What kind of actor would be interested in targeting eurozone gas storage, as well as Ukrainian electrical transmission infrastructure? strikeready.com/blog/ru-apt-...

29.11.2024 17:14 — 👍 4    🔁 4    💬 0    📌 0

🚨 Don’t miss Tom Padden at #CYBERWARCON as he unpacks edge device targeting via 0-day exploits.

Learn how state-sponsored actors, especially from China, use covert 'ORB' networks to hide operations and target critical sectors.

🔗 www.cyberwarcon.com/registration

18.11.2024 22:55 — 👍 11    🔁 1    💬 0    📌 0
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 Note: Since this is 'breaking' news and more details are being released, we're updating this post as more details become available (and as we think of better memes). Mash that F5 key every so often fo...

Bit going on with edge device exploitation at the moment
labs.watchtowr.com/pots-and-pan...

19.11.2024 09:59 — 👍 1    🔁 2    💬 0    📌 0

I’ve created a Starter Pack around cyber threat intelligence to make it easier to find that community here on Bluesky. Let me know of folks I missed, as I’m sure there are many! go.bsky.app/TxQYHap

09.11.2024 23:08 — 👍 185    🔁 72    💬 32    📌 3
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s ...

@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: www.volexity.com/blog/2024/11...

15.11.2024 20:02 — 👍 37    🔁 27    💬 0    📌 1

here's what today's russian apt phish campaign looked like, targeting ukraine
tuyt8erti867i.synergize[.]co -> jkbfgkjdffghh.linkpc[.]net
44935484933a13fb6632e8db92229cf1c5777333fa5a3c0a374b37428add69fb

14.11.2024 19:54 — 👍 2    🔁 3    💬 0    📌 0
A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats Sekoia TDR analysts conduct an assessment of threats regarding the major elections that will occur in 2024.

blog.sekoia.io/a-three-beat...

14.11.2024 12:50 — 👍 0    🔁 0    💬 0    📌 0