Catalin Cimpanu
boosted
Yet another AitM campaign. This one on Secret Blizzard is written up by Microsoft.
Good thing Macs can't get malware, otherwise this SentinelOne post about ZuRu making a comeback might be worth looking into. IOCs in the post.
Etienne / Tek
boosted
For the past few weeks, @DomainTools Investigations worked with OSINT analyst and investigative journalist grantees to help uncover connections between websites involved in the harassment of Ukrainian personnel and their families, and the people and infrastructure involved.
We provide a technical writeup below on the observables and data involved.
#infosec #cybersecurity #threatintel #disinformation
https://www.domaintools.com/resources/blog/rdap-and-bgp-in-investigative-journalism/
pospi
boosted
"Britain’s drug gangs and Moscow’s hackers were just two nodes in a vast criminal super-network [that] included sanctioned oligarchs, Russian intelligence operatives and an Irish crime family."
(and of course that network also now includes the #Trump administration, because Howard Lutnick is/was Tether's money manager)
* #TheEconomist: https://www.economist.com/1843/2025/07/04/how-tether-became-money-launderers-dream-currency
* no paywall: https://archive.ph/NiCRD
#moneylaundering #crime#corruption #crypto #cryptocurrency #iran #russia #uspol#howardLutnick #economist #economics #finance #uk #ukpol #garantex #threatintel #ransomware #cybersecurity #vladimirputin #oligarchs #putin #ukraine #kinahans #kinahan
2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”
They’re both a large MSP and MSSP who sell anti-ransomware services.
alcinnz
boosted
From 7 July to 18 July 2025, CIRCL will host a two-week online training event featuring hands-on sessions on various tools developed and maintained by CIRCL, as well as training in digital forensics and incident response (DFIR) techniques.
All time slots are in local Luxembourg time. The sessions are open to everyone: just connect using the provided Zoom link.
New @DomainTools Investigations research is out this morning, providing critical background on Iranian nation-state threat actors Intelligence Group 13.
Covering technical capabilities, tradecraft, ideological origins and more, the piece also details a model emerging in multiple foreign adversary structures: opaque private sector ecosystems where rotating cybermercenary vendor companies provide cover and resilience for offensive operations.
If you are interested in APT activity I would like to gently nudge you towards the ESET APT Activity Report for Q4 2024.
Not paywalled, fairly comprehensive and with good source referencing it provides a perspective on Chinese, Russian, Iranian and North Korean APT activity.
Worth a look IMHO.
Our @DomainTools Investigations team leaned on some of our internal skills and access to provide timely background on Iranian "hacktivist" operators CyberAv3ngers.
The point to emphasize is the blend of psychological operations with cyber elements - something we're likely to see, or may be seeing already.
(Also important to remember: not everything that happens right now will be Iran/affiliated. Always locate and question your assumptions.)
