TTP Today Fraud & Intelligence Insights Report Q1-Q3 2024

Threat Actors: Fraudsters targeting high-demand sectors using advanced techniques like BIN testing, OTP spoofing, SIM swapping,…

Diplomats Beware: Cloaked Ursa Phishing With a Twist

Threat Actors: Cloaked Ursa (aka APT29, UAC-0004, Midnight Blizzard/Nobelium, Cozy Bear), linked to Russia's Foreign Intelligence…

Top Tools for Email OSINT: Discover, Validate, and Investigate

Tool Name: Snov.io Email Finder
Tool Description: A web-based tool to find email addresses associated with domains or…

Fortinet VPN zero-day exploited by Chinese threat actor

Threat Actors: BrazenBamboo (China-linked threat actor).
Campaign Overview: Exploiting a zero-day vulnerability in Fortinet’s FortiClient VPN for Windows…

NodeStealer Malware Targets Facebook

Threat Actors: NodeStealer (Vietnamese threat actors); ClickFix (unattributed, including suspected Russian actors targeting Ukraine).
Campaign Overview: NodeStealer targets…

Dark Web Profile: Moonstone Sleet

Threat Actors: Moonstone Sleet (aka Storm-1789), a North Korean state-sponsored APT group.
Campaign Overview: Active since early 2024,…

Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations

Threat Actors: GLASSBRIDGE (umbrella group), DRAGONBRIDGE (linked campaigns), Haixun, DURINBRIDGE, Shenzhen Bowen Media
Campaign Overview: Coordinated influence campaigns…

OSINT Updates for November 23, 2024

https://twitter.com/CovertShores/status/1860215391114657830
https://twitter.com/bamitav/status/1860135386091045318
https://twitter.com/DailyRansomware/status/1860174991288881252
https://twitter.com/SriLankaTweet/status/1860150865379860564
https://twitter.com/hornbilltv/status/1860256208420225052
https://twitter.com/OmegaMagnusTV/status/1860266368110579929
https://twitter.com/rtehrani/status/1860158839179403382

Investigating a SharePoint Compromise: IR Tales from the Field

Threat Actors: Unnamed attacker exploiting SharePoint CVE-2024-38094.
Campaign Overview: Exploited SharePoint vulnerability (CVE-2024-38094) for initial access; compromised Exchange…

Play Ransomware Group – Detection and Protection

Threat Actors: Play Ransomware Group.
Campaign Overview: Cybercriminal group behind several major ransomware attacks, focusing on data encryption…