Top Tools for Email OSINT: Discover, Validate, and Investigate
Tool Name: Snov.io Email Finder
Tool Description: A web-based tool to find email addresses associated with domains or…
Fortinet VPN zero-day exploited by Chinese threat actor
Threat Actors: BrazenBamboo (China-linked threat actor).
Campaign Overview: Exploiting a zero-day vulnerability in Fortinet’s FortiClient VPN for Windows…
NodeStealer Malware Targets Facebook
Threat Actors: NodeStealer (Vietnamese threat actors); ClickFix (unattributed, including suspected Russian actors targeting Ukraine).
Campaign Overview: NodeStealer targets…
Dark Web Profile: Moonstone Sleet
Threat Actors: Moonstone Sleet (aka Storm-1789), a North Korean state-sponsored APT group.
Campaign Overview: Active since early 2024,…
Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
Threat Actors: GLASSBRIDGE (umbrella group), DRAGONBRIDGE (linked campaigns), Haixun, DURINBRIDGE, Shenzhen Bowen Media
Campaign Overview: Coordinated influence campaigns…
OSINT Updates for November 23, 2024
https://twitter.com/CovertShores/status/1860215391114657830 https://twitter.com/bamitav/status/1860135386091045318 https://twitter.com/DailyRansomware/status/1860174991288881252 https://twitter.com/SriLankaTweet/status/1860150865379860564 https://twitter.com/hornbilltv/status/1860256208420225052 https://twitter.com/OmegaMagnusTV/status/1860266368110579929 https://twitter.com/rtehrani/status/1860158839179403382
Investigating a SharePoint Compromise: IR Tales from the Field
Threat Actors: Unnamed attacker exploiting SharePoint CVE-2024-38094.
Campaign Overview: Exploited SharePoint vulnerability (CVE-2024-38094) for initial access; compromised Exchange…
Play Ransomware Group – Detection and Protection
Threat Actors: Play Ransomware Group.
Campaign Overview: Cybercriminal group behind several major ransomware attacks, focusing on data encryption…
Royal Thai Police Database Breached, Claims Dark Web Actor
Threat Actors: Dark web actor (identity unspecified).
Campaign Overview: Breach of the PhpMyAdmin database of the Royal Thai…
T-Mobile Breached in Major Chinese Cyber-Attack on Telecoms
Threat Actors: Salt Typhoon (Chinese state-sponsored hacking group).
Campaign Overview: Large-scale cyber-espionage campaign targeting US and international telecom…