Which Ransomware payload is deployed at the end of a killchain is pretty much a stylistic choice by the attackers. Human Operated Ransomware campaigns overlap in their entry vectors, C2 tools, and lateral movement techniques- and also in viable defenses. aka.ms/human-operated…

Thanks for your patience, class! Took a little hiatus for a month. But we're back! In week 5 of “Lies & Disinformation” Georgetown University, we pivoted from Russian influence activities to Chinese and Iranian IO state actors.

It's almost as if there are companies providing/selling capabilities whether its Implants, Exploits, or all of the above and what you may see here are downstream customers. Ned Moran and I covered this a little bit in shadowserver.org/news/the-itali… from 2015.

There are a number of these kinds of examples where this kind of sharing can be inferred too in the infrastructure side of things, but.. this is Twitter and they probably also read the same tweets the defenders do.

While MuddyWater's link to ransomware remains tenuous and unproven, the group is heavily invested in custom tool development. From PowerShell to .NET to C++ malware, Muddy is fast approaching other groups' capabilities. Sean Lyngaas reports w/ lines from me cyberscoop.com/muddywater-ira…

This. 100 times, this.