TTP Today Fraud & Intelligence Insights Report Q1-Q3 2024
Threat Actors: Fraudsters targeting high-demand sectors using advanced techniques like BIN testing, OTP spoofing, SIM swapping,…
Diplomats Beware: Cloaked Ursa Phishing With a Twist
Threat Actors: Cloaked Ursa (aka APT29, UAC-0004, Midnight Blizzard/Nobelium, Cozy Bear), linked to Russia's Foreign Intelligence…
Top Tools for Email OSINT: Discover, Validate, and Investigate
Tool Name: Snov.io Email Finder. Tool Description: A web-based tool to find email addresses associated with domains or…
Fortinet VPN zero-day exploited by Chinese threat actor
Threat Actors: BrazenBamboo (China-linked threat actor). Campaign Overview: Exploiting a zero-day vulnerability in Fortinet’s FortiClient VPN for Windows…
NodeStealer Malware Targets Facebook
Threat Actors: NodeStealer (Vietnamese threat actors); ClickFix (unattributed, including suspected Russian actors targeting Ukraine). Campaign Overview: NodeStealer targets…
Dark Web Profile: Moonstone Sleet
Threat Actors: Moonstone Sleet (aka Storm-1789), a North Korean state-sponsored APT group. Campaign Overview: Active since early 2024,…
Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
Threat Actors: GLASSBRIDGE (umbrella group), DRAGONBRIDGE (linked campaigns), Haixun, DURINBRIDGE, Shenzhen Bowen Media. Campaign Overview: Coordinated influence campaigns…
OSINT Updates for November 23, 2024
https://twitter.com/CovertShores/status/1860215391114657830 https://twitter.com/bamitav/status/1860135386091045318 https://twitter.com/DailyRansomware/status/1860174991288881252 https://twitter.com/SriLankaTweet/status/1860150865379860564 https://twitter.com/hornbilltv/status/1860256208420225052 https://twitter.com/OmegaMagnusTV/status/1860266368110579929 https://twitter.com/rtehrani/status/1860158839179403382
Investigating a SharePoint Compromise: IR Tales from the Field
Threat Actors: Unnamed attacker exploiting SharePoint CVE-2024-38094. Campaign Overview: Exploited SharePoint vulnerability (CVE-2024-38094) for initial access; compromised Exchange…
Play Ransomware Group – Detection and Protection
Threat Actors: Play Ransomware Group. Campaign Overview: Cybercriminal group behind several major ransomware attacks, focusing on data encryption…