Russian prison culture and slang on cybercriminal forums: Can you cram on the hairdryer?
In a few previous blogs, we’ve covered how threat actors discuss prison on Russian-language cybercriminal platforms. We’ve touched on high-profile ...
Read Post
Account takeover: Are you opening the door for cyber threat actors?
In 2020, our research report on account takeover (ATO) highlighted the risk of using credentials in an unsafe manner, which ...
Read Post
Vulnerability Intelligence Round Up: The Good, The Bad, and The Risky
There is a saying derived from Western movies that say whoever draws first, loses the duel. Nick Bohr, a famous ...
Read Post
What we’re reading this month: May 2022
Where is the year going? It only seems like yesterday that we celebrated the turn of the year, with the ...
Read Post
Advanced persistent threat group feature: Mustang Panda
Advanced persistent threat (APT) groups are often tricky to wrap your head around. By their nature, state-associated groups are well-resourced ...
Read Post
Five years after the WannaCry dumpster fire, ransomware remains a global threat
It has been five years since the dumpster fire we all remember as WannaCry. WannaCry is self-propagating ransomware that held ...
Read Post
Weekly: The Return of REvil, China APT Activity, Russia-Ukraine RoundUp
ShadowTalk host Chris alongside Ivan and Nicole bring you the latest in threat intelligence. This week they cover:
* REvil ransomware returns with new malware
* Moshen Dragon targeting...
Read Post
ALPHV: The First Rust-Based Ransomware
In late 2021, we observed a new ransomware operation named “ALPHV” (also known as BlackCat) emerge. The group operates as ...
Read Post
Colonial Pipeline One Year Later: What’s Changed?
For the first half of 2021, ransomware groups looked unstoppable. Ransomware gangs were adding victim after victim on their dark ...
Read Post
The Russia – Ukraine war: Two months in
The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its ...
Read Post
Opportunity in the midst of chaos: Russian-speaking cybercriminals grapple with sanctions and forum takedowns
As a threat intelligence professional, it’s difficult to ignore how major developments in the real world affect the lives of ...
Read Post
The Power Of Data Analysis In Threat Intelligence – Part 2: Machine Learning
This blog is the second part of our Data Analysis in Threat Intelligence series, where we focus on the tools ...
Read Post
What We’re Reading This Month: April 2022
As an intelligence analyst, it’s paramount to stay on top of what’s happening in the world around you. To inform ...
Read Post
The role of Non-Fungible Tokens (NFTs) in facilitating cybercrime
You’d have to have been living under a rock to have avoided the excitement surrounding Non-Fungible-Tokens (NFTs) in the last ...
Read Post
Weekly: Cybercriminal Forums Go Down & Cyber Activity in the Russia-Ukraine War Go Up
ShadowTalk host Stefano alongside Rory bring you the latest in threat intelligence. This week they cover:
* 'RaidForums' has been shut down and seized
* SandWorm targets electrical substations in...
Read Post
Q1 2022 Vulnerability Roundup
In the first quarter of 2022, several high-severity vulnerabilities were targeted by threat actors to facilitate malicious campaigns. The first ...
Read Post
Q1 2022 Ransomware Roundup
As the new year has reached the end of its first quarter, it’s time for us to go back and ...
Read Post
Intelligence Collection Plans: Preparation breeds success
It’s been a little over a month since I wrote about how intelligence requirements (IRs) can help plan a cyber ...
Read Post
Team A vs Team B: What is Motivating Lapsus$?
In the past few weeks, the Lapsus$ threat group captured the security community’s attention with a series of brazen and ...
Read Post
Five things we learned from the Conti chat logs
At the end of February, the cybersecurity community was rocked by the appearance of alleged chat logs recording conversations between ...
Read Post
