Alexey Firsh (@alexey_firsh) 's Twitter Profile
Alexey Firsh

@alexey_firsh

Head of threat intelligence at Rostelecom-Solar,
former @googlecloud, @kaspersky

ID: 2533323049

Joined: 29-05-2014 20:02:01

273 Tweets

1,1K Followers

163 Following

Alexey Firsh (@alexey_firsh)

That's pretty cool, the website from the Reuters blog on the CIA's flaws in Iranian & China operations was cached by The Wayback Machine. You can explore this "password" webform, used in 2011 by the CIA's informants: web.archive.org/web/2011020209… reuters.com/investigates/s…

Alexey Firsh (@alexey_firsh)

Nice write-up on a new Chinese-language attack framework "Alchimist" targeting Windows, Linux and Mac machines by Cisco Talos Intelligence Group blog.talosintelligence.com/2022/10/alchim… I found one more c2: 45.32.74[.]229

Alexey Firsh (@alexey_firsh)

Check out our quick follow-up on Mandiant (part of Google Cloud) research on the UNC4034 APT cluster, who distribute their malware in the form of job offers from big tech companies. blog.virustotal.com/2022/11/not-dr…

Alexey Firsh (@alexey_firsh)

I bet most of you didn't know that you can query domains/urls by category in VT like that: entity:url title:"login" category:"bot networks" virustotal.com/gui/search/ent… Go grab the report for more hints and details on how we leverage it to identify compromised gov infrastructure.

Alexey Firsh (@alexey_firsh)

I got lots of feedback on our recent training on how to do advanced VirusTotal queries (thanks for this!) and requests for slides to share, so here you go: Slides: assets.virustotal.com/reports/Threat… Video: brighttalk.com/webcast/18282/… Q&A: blog.virustotal.com/2022/11/threat…

Alexey Firsh (@alexey_firsh)

VTI Cheat Sheet is finally live! Check it out for the most useful queries and tricks. Blogpost: blog.virustotal.com/2022/12/vt-int… Cheat Sheet pdf: virustotal.com/go/vti-cheatsh…

Alexey Firsh (@alexey_firsh)

New YARA rule editor, interface to explore all the VT's crowdsourced rules and many other exciting details including slides and recording of our latest VirusTotal Hunting training session - blog.virustotal.com/2023/03/threat…

Alexey Firsh (@alexey_firsh)

I know I'm around 1.5 years late, but looks like Microsoft Threat Intelligence included the ViceLeaker activity we covered in 2019 in their Iranian threat actors overview. Kaspersky, 2019: securelist.com/fanning-the-fl… Microsoft, 2021: microsoft.com/en-us/security…

Alexey Firsh (@alexey_firsh)

ESET linked Lazarus DreamJob campaign with recent 3CX supply chain attacks: welivesecurity.com/2023/04/20/lin… Our previous write-up on DreamJob: blog.virustotal.com/2022/11/not-dr…

Alexey Firsh (@alexey_firsh)

Breaking: Kaspersky reported on iOS exploit chain delivering spyware implant, their own employees are among the targets. securelist.com/operation-tria… Could be related to today's FSB statement: fsb.ru/fsb/press/mess…

Leonid Bezvershenko (@bzvr_)

Have you wanted to take your own look at the #iOSTriangulation spyware? Well, we uploaded the #TriangleDB implant to VirusTotal: virustotal.com/gui/file/fd9e9…

Alexey Firsh (@alexey_firsh)

>>>Why is it so rare to hear about Western cyber-attacks? Oh, I think we all know the answer to that question. bbc.com/news/technolog…

Boris Larin (@oct0xor)

We're revealing details of an obscure debugging feature in the Apple A12-A16 SoCs that bypasses all of the hard-to-hack hardware-based memory protections on new iPhones. It's not used by the firmware and we don't know how the attackers found out about it. securelist.com/operation-tria…