💀 Know Your Enemy #7 — Charming Kitten / APT35 (Iran) Iranian espionage actor using fake conference invites, spoofed journalists, and phishing portals. Targets academia, human-rights groups, and Western government email accounts.

💀 Know Your Enemy #8 — LockBit (Ransomware Syndicate) Ransomware-as-a-Service collective, top of global volume charts 2020–2024. Law-enforcement disruption in 2024 hit infrastructure, but offshoots persist. Known for data theft + double extortion tactics.

💀 Know Your Enemy #9 — ALPHV / BlackCat (Ransomware) Emerging in 2022, coded in Rust for cross-platform attacks. Affiliates breach enterprises, encrypt servers, and leak data on extortion sites. Recently linked to major US healthcare and finance breaches.

💀 Know Your Enemy #10 — Scattered Spider (USA/UK-based criminal collective) Also tracked as UNC3944 or Starfraud, this financially motivated group excels in social engineering and SIM-swapping to breach large enterprises. Targets: telecoms, cloud providers, and finance.

💀 Know Your Enemy #11 — FIN7 (Eastern Europe — criminal group) Long-running financially motivated operation active since 2013. Known for POS malware, ransomware partnerships, and high-end intrusion tools disguised as pen-testing software.

Happy New Year from the arcX team! We hope you have a great 2026, and we hope to make it past the first 48 hours of dry January 😂

Threat data is not threat intelligence. Data is raw facts. Intelligence is insight that drives a decision. If nobody's making a decision based on it, it's just expensive noise. Learn CTI fundamentals for free: arcx.io/courses/cyber-… #cybersecurity #cyberthreatintelligence

Hot take: most organisations are drowning in threat feeds and starving for actual analysis. Buying more data won't fix an analysis problem. Agree or disagree? #cybersecurity #cyberthreatintelligence #threatintelligence

The intelligence cycle has four phases: Planning and direction Collection Processing and analysis Dissemination Most teams skip phase one then wonder why their output isn't useful. #cybersecurity #cyberthreatintelligence #threatintelligence

"Tell us about cyber threats" is not an intelligence requirement. "Which threat actors target UK healthcare using our EHR platform?" is. Specificity matters. #cybersecurity #cyberthreatintelligence #threatintelligence

Threat = intent + capability Vulnerability = weakness in defences Impact = business consequence Risk = all three combined These words are not interchangeable. #cybersecurity #cyberthreatintelligence #threatintelligence

Unpopular opinion: a one-person CTI function that answers the right questions beats a 20-person team that doesn't. Headcount isn't the problem. Focus is. #cybersecurity #cyberthreatintelligence #threatintelligence

Strategic intelligence: for board members, plain language, quarterly Operational intelligence: for defenders, IOCs, daily Tactical intelligence: for hunters, TTPs, ongoing Different audiences. Different products. Don't mix them up. #cybersecurity #cyberthreatintelligence

A 50-page threat report is useless if your CISO needed a one-page brief. Intelligence that doesn't reach decision-makers in usable formats isn't intelligence. It's documentation. #cybersecurity #cyberthreatintelligence #threatintelligence

Question for CTI folks: Do you let threat intelligence drive vulnerability patching priority? Or is a critical CVE always a critical CVE regardless of who's exploiting it? Genuinely curious where people land on this. #cybersecurity #cyberthreatintelligence #threatintelligence

The best intelligence in the world is worthless if: → It arrives too late → It's in the wrong format → It doesn't reach the right people → Nobody acts on it Production is only half the job. #cybersecurity #cyberthreatintelligence #threatintelligence

IOCs without context are just strings. What malware family? What campaign? What actor? What should you do if you see it? Data without analysis isn't intelligence. #cybersecurity #cyberthreatintelligence #threatintelligence

We've seen million-pound threat intelligence platforms that couldn't answer basic questions about who targets the organisation. We've also seen free tools in the right hands produce genuinely actionable insight. The tool isn't the differentiator. #cybersecurity

Timely and 70% confident beats thorough and too late. Intelligence that arrives after the decision has been made is just history. #cybersecurity #cyberthreatintelligence #threatintelligence

Three ways organisations waste money on threat intelligence: 1. Buying feeds nobody analyses 2. Hiring analysts then burying them in alert triage 3. Subscribing to reports nobody reads Any of these sound familiar? #cybersecurity #cyberthreatintelligence #threatintelligence