AB (@anittude) 's Twitter Profile
AB

@anittude

#DFIR lead @News_CRA. Ex @PwC, Husband, Dad, Tea and (now Coffee) addict, runner, and biker. International affairs @warstudies. Tweets my own.

ID: 103346655

09-01-2010 18:53:41

1,1K Tweet

109 Followers

214 Following

profdeibert (@rondeibert) 's Twitter Profile Photo

Excellent summary and analysis 👇 Fog of war: how the Ukraine conflict transformed the cyber threat landscape @google blog.google/threat-analysi… Shane Huntley Mandiant (part of Google Cloud)

clem (@n0debreak) 's Twitter Profile Photo

Meet the FSB contractor: 0Day Technologies An investigation into the FSB’s digital surveillance and disinformation contractor (🧵) clement-briens.com/2023/04/01/mee…

NSA Cyber (@nsacyber) 's Twitter Profile Photo

Don’t let a malicious actor take advantage of you. Learn how to hunt and mitigate a PRC state-sponsored cyber actor who may be using your systems’ resources to hide their activities. nsa.gov/Press-Room/Pre…

Mar_Pich (@mar_pich) 's Twitter Profile Photo

6 months ago, I started working on a way to better map the #ransomware ecosystem and its evolution, including rebrands.🔎 I am really happy to share this handmade cartography, which is based on Orange Cyberdefense resources, #OSINT and reverse engineering. ➡️ github.com/cert-orangecyb…

Marc R (@seifreed) 's Twitter Profile Photo

Malware-as-a-Service is a relatively new business model in the malware space, however it's growing quickly, mainly due to the simple fact that malware developers can quickly scale attacks, with little effort. Check out @Kaspersky's recent research. bit.ly/3Nxw4uc

Microsoft Security (@msftsecurity) 's Twitter Profile Photo

In partnership with Cybersecurity and Infrastructure Security Agency, we're announcing new steps to protect our customers and improve the security of Microsoft cloud platforms. Learn how this will help defend against nation-state cyber threats: msft.it/6016gfokq #CloudSecurity #IncidentResponse

Nick Carr (@itsreallynick) 's Twitter Profile Photo

How most ransomware incidents actually work 🔻 Access brokers sell access to compromised networks to ransomware-as-a-service affiliates, who conduct the intrusions. Ransomware-as-a-service affiliates prioritize targets based on intended impact or perceived profit Intrusion

ISRO (@isro) 's Twitter Profile Photo

Chandrayaan-3 Mission: 'India🇮🇳, I reached my destination and you too!' : Chandrayaan-3 Chandrayaan-3 has successfully soft-landed on the moon 🌖!. Congratulations, India🇮🇳! #Chandrayaan_3 #Ch3

Microsoft Threat Intelligence (@msftsecintel) 's Twitter Profile Photo

We’re releasing a second version of our threat matrix for storage services, a structured tool that can help identify and analyze potential security threats on data stored in cloud storage services. Learn about the new attack techniques in the matrix: msft.it/60119ZQd9

Tom Wechsler - Microsoft Azure & CDM MVP (@tomvideo2brain) 's Twitter Profile Photo

💢Active Directory: Advanced Threat Hunting - In-depth investigation and analysis of the Active Directory with ADRecon!💢 Microsoft GitHub ATT&CK Microsoft Security Prashant Mahajan ADRecon #Microsoft #ActiveDirectory #MITREATT&CK #Windows #mvpbuzz 👇👇 github.com/tomwechsler/Ac…

Matthew (@embee_research) 's Twitter Profile Photo

Advanced Threat Intel Queries - Catching 83 Qakbot Servers With Regex, Censys and TLS Certificates This (Free) writeup includes a detailed walkthrough, IOC's and links to all queries used. #Malware #ThreatIntel embee-research.ghost.io/advanced-threa…

Christopher Glyer (@cglyer) 's Twitter Profile Photo

Additional TTPs from Midnight Blizzard campaign “Due to the heavy use of proxy infrastructure with a high changeover rate, searching for traditional IOCs, such as infrastructure IP addresses, is not sufficient to detect this type of…activity” 👆👆 microsoft.com/en-us/security…

Matthew (@embee_research) 's Twitter Profile Photo

A Beginners Guide to Tracking Malware Infrastructure New post with 11 Examples (Including Cobalt Strike and Qakbot) that you can use to query and track C2’s, Open Directories and More🔥 (Special thanks to Censys 🥳) censys.com/a-beginners-gu… #threatintel #malware

CERT Orange Cyberdefense (@certcyberdef) 's Twitter Profile Photo

Our #CTI World Watch (OCD) team just updated their #ransomware families tree. This 26th version includes many newcomers as well as updated relationships.🧐 Again, feel free to share your feedback! ➡️github.com/cert-orangecyb… Mar_Pich Orange Cyberdefense #rebrand

NCSC UK (@ncsc) 's Twitter Profile Photo

🚨EVOLVING THREAT ALERT🚨 The NCSC and international partners 🇺🇸🇨🇦 have issued a warning today about the continuing threat from Russia state-aligned actors targeting critical infrastructure. Read more 🧵

AB (@anittude) 's Twitter Profile Photo

Jazzed to be attending PIVOTcon next week! And looking forward to hearing and learning from the best...and seeing familiar faces!

Yashraj Solanki (@rustynoob619) 's Twitter Profile Photo

As far as pivoting is concerned in CTI, you can pretty much do it all between VirusTotal, Censys & urlscan.io 🐧 I have taken all Artifact types and their features from the Awesome Pivot Atlas maintained by Amitai Cohen & mapped it against sources & where to find them Links ⬇️

Gi7w0rm (@gi7w0rm) 's Twitter Profile Photo

So Censys just deployed the "suspicious-open-dir" label to their search engine. So far it appears a game changer, giving very solid hit rates on finding malicious infrastructure. So for today, this will be a thread documenting my findings using the new feature. 1/x

PIVOTcon (@pivot_con) 's Twitter Profile Photo

#PIVOTcon25 #CfP is open and you can submit your proposals till 7 FEB 2025 Remember - one track,30m - no recording/streaming/tweeting. U should feel comfy to share more - No TLP:WHITE - Original content only Let us guide u through with a little meme-thread #CTI #ThreatIntel 1/10
