Topic: Threat Intelligence
60 stories of advisories, analysis, and defensive guidance in this topic.
Brief: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Defender Guidance: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Detection Notes: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Risk Brief: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Brief: BreachForums breach exposes hundreds of thousands of cybercriminal accounts
Dark Reading reported that a BreachForums breach exposed 324,000 cybercriminals. The incident is useful for threat intelligence but should not be overstated beyond the source summa
Defender Guidance: BreachForums breach exposes hundreds of thousands of cybercriminal accounts
Dark Reading reported that a BreachForums breach exposed 324,000 cybercriminals. The incident is useful for threat intelligence but should not be overstated beyond the source summa
Detection Notes: BreachForums breach exposes hundreds of thousands of cybercriminal accounts
Dark Reading reported that a BreachForums breach exposed 324,000 cybercriminals. The incident is useful for threat intelligence but should not be overstated beyond the source summa
Risk Brief: BreachForums breach exposes hundreds of thousands of cybercriminal accounts
Dark Reading reported that a BreachForums breach exposed 324,000 cybercriminals. The incident is useful for threat intelligence but should not be overstated beyond the source summa
Brief: DDoSia hacktivist attacks continue to shape disruption risk
Dark Reading reported DDoSia hacktivist activity. Defenders should prepare DDoS runbooks, traffic baselines, and provider escalation paths.
Defender Guidance: DDoSia hacktivist attacks continue to shape disruption risk
Dark Reading reported DDoSia hacktivist activity. Defenders should prepare DDoS runbooks, traffic baselines, and provider escalation paths.
Detection Notes: DDoSia hacktivist attacks continue to shape disruption risk
Dark Reading reported DDoSia hacktivist activity. Defenders should prepare DDoS runbooks, traffic baselines, and provider escalation paths.
Risk Brief: DDoSia hacktivist attacks continue to shape disruption risk
Dark Reading reported DDoSia hacktivist activity. Defenders should prepare DDoS runbooks, traffic baselines, and provider escalation paths.
Brief: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Defender Guidance: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Detection Notes: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Risk Brief: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Brief: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Defender Guidance: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Detection Notes: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Risk Brief: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Brief: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Defender Guidance: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Detection Notes: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Risk Brief: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Brief: DPRK Contagious Interview activity continues with malicious npm packages
Dark Reading reported DPRK-linked Contagious Interview activity involving malicious npm packages. Software teams should review package provenance, developer workstations, and secre
Defender Guidance: DPRK Contagious Interview activity continues with malicious npm packages
Dark Reading reported DPRK-linked Contagious Interview activity involving malicious npm packages. Software teams should review package provenance, developer workstations, and secre
Detection Notes: DPRK Contagious Interview activity continues with malicious npm packages
Dark Reading reported DPRK-linked Contagious Interview activity involving malicious npm packages. Software teams should review package provenance, developer workstations, and secre
Risk Brief: DPRK Contagious Interview activity continues with malicious npm packages
Dark Reading reported DPRK-linked Contagious Interview activity involving malicious npm packages. Software teams should review package provenance, developer workstations, and secre
Brief: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Defender Guidance: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Detection Notes: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Risk Brief: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Brief: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Defender Guidance: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Detection Notes: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Risk Brief: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Brief: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Defender Guidance: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Detection Notes: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Risk Brief: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Brief: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Defender Guidance: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Detection Notes: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Risk Brief: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Brief: CISA warns on Brickstorm backdoor activity in VMware vSphere environments
Dark Reading reported a CISA warning about Brickstorm backdoor activity in VMware vSphere environments tied to China-linked operations. Virtualization management planes need strict
Defender Guidance: CISA warns on Brickstorm backdoor activity in VMware vSphere environments
Dark Reading reported a CISA warning about Brickstorm backdoor activity in VMware vSphere environments tied to China-linked operations. Virtualization management planes need strict
Detection Notes: CISA warns on Brickstorm backdoor activity in VMware vSphere environments
Dark Reading reported a CISA warning about Brickstorm backdoor activity in VMware vSphere environments tied to China-linked operations. Virtualization management planes need strict
Risk Brief: CISA warns on Brickstorm backdoor activity in VMware vSphere environments
Dark Reading reported a CISA warning about Brickstorm backdoor activity in VMware vSphere environments tied to China-linked operations. Virtualization management planes need strict
Brief: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Defender Guidance: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Detection Notes: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Risk Brief: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Brief: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported China-linked cyber threat activity in critical Asian sectors for years. Long-term intrusion risk requires strategic threat hunting and asset visibility.
Defender Guidance: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported China-linked cyber threat activity in critical Asian sectors for years. Long-term intrusion risk requires strategic threat hunting and asset visibility.
Detection Notes: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported China-linked cyber threat activity in critical Asian sectors for years. Long-term intrusion risk requires strategic threat hunting and asset visibility.
Risk Brief: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported China-linked cyber threat activity in critical Asian sectors for years. Long-term intrusion risk requires strategic threat hunting and asset visibility.
Brief: Venezuela military operation faces reported cyberattack
Dark Reading reported cyberattack activity tied to a Venezuela military operation. The source listing supports a regional threat-intelligence brief without technical overclaiming.
Defender Guidance: Venezuela military operation faces reported cyberattack
Dark Reading reported cyberattack activity tied to a Venezuela military operation. The source listing supports a regional threat-intelligence brief without technical overclaiming.
Detection Notes: Venezuela military operation faces reported cyberattack
Dark Reading reported cyberattack activity tied to a Venezuela military operation. The source listing supports a regional threat-intelligence brief without technical overclaiming.
Risk Brief: Venezuela military operation faces reported cyberattack
Dark Reading reported cyberattack activity tied to a Venezuela military operation. The source listing supports a regional threat-intelligence brief without technical overclaiming.