BLOG POST: A write-up on some infrastructure we were tracking during 2024, connected to both #SmartApeSG and #NetSupportRAT activities. They do usually follow one another around but we've exposed direct links from a management and oversight perspective. team-cymru.com/post/tracing-t…

Good news (at first glance): Silent Connection Ltd and Dolphin 1337 Limited, two UK-based corporations flagged by Spamhaus as being used for bulletproof hosting, were compulsory dissolved on January 28th and January 14th, respectively. 🙌 Unfortunately, their networks (AS215240

We have an open position in our malware analysis team, looking for a senior profile: workforcenow.adp.com/mascsr/default… Feel free to ask me any questions if I can help :)

Me trying to make my talk submission slightly more interesting 😂

Looking to get an EU job at MSTIC/TAG or equivelant. PM me if you can get me a referral

Is there anyone working at Cloudflare available? I think it's time to address the malware situation and start kicking some a** 🔥

Our team at Microsoft is looking for a senior security researcher to join the fight. We are a global threat hunt team who work tirelessly to protect Microsoft, our customers and make the digital world a safer place. If you are located in or near Cheltenham, UK and interested,

Hoy hoy! Rdv demain Mardi 8 Avril, 21h as usual ! 🤝 Topics: - Threat Intel / Analyse Infra & C2🔎 - Detection & Analyse de Data-Leaks 🌊 Le tout en compagnie de The Brofessor & Ozer 😎🫰 twitch.tv/thelaluka

AI is helping on my day-to-day tasks:

Since it’s DPRK time for everyone, it’s our turn to share some insights regarding the infrastructure 😊

Excited to share that the #OSINTVillage at leHACK is back this year on June 27–28, 2025! 🎉 We've got some exciting things planned, so mark your calendars. While we prepare for more updates (coming soon!), you can revisit some of the insightful talks from last year on

Hey :) For the second year in a row, I'm incredibly excited to present my research at Virus Bulletin - this time in Berlin, on Friday, September 26 : virusbulletin.com/conference/vb2… Hope to see you there! #vbconference #VB2025

Hey :) If you're tracking the SideWinder #APT, they've been reusing the same RTF file to launch new campaigns for months. Still worth monitoring, it can reveal upcoming C2 infrastructure: virustotal.com/gui/file/1955c…

To entities in India: A few PK IPs have direct access to your cameras and routers (Fortinet, MikroTik confirmed). NetFlow analysis shows clear evidence. Please review any inbound connections from: - 154.192.156[.]28 - 154.192.156[.]56 - 154.192.74[.]127 - 154.192.0[.]108

Hey :) Heading to Botconf next week! The agenda looks great, as it does every year, and I’m really looking forward to the talks and catching up with folks :) If you’re going too and want to chat about tracking bad guys (or anything else), feel free to reach out!

🚀 Take your malware analysis skills to the next level with Exalyze Discover our unique capabilities to compare malware code with our entire database, identifying similar samples and uncovering hidden connections. 👉 exalyze.io Exalyze

If you’ve been laid off from a cyber intel position, please reach out if you’d like to come to SLEUTHCON.

BLOG POST: We are once again proud to have been involved in #OperationEndgame, this time helping to disrupt #DanaBot. We also got to collaborate closely with our buddies at Black Lotus Labs. You can read about our shared input in our co-authored blog! team-cymru.com/post/inside-da…