Lawrence S.
@lawrencesec.bsky.social
🇬🇧 Threat Research @ Recorded Future.
I Like Tracking ASNs and ISPs for some reason...
Pinned
1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”

We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.
A good piece highlighting the EU's continued inaction following recent sanctions, essentially allowing these enablers to continue their operations.
December 5, 2025 at 7:35 PM
Reposted by Lawrence S.
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement.
Predator spyware uses new infection vector for zero-click attacks
www.bleepingcomputer.com
December 4, 2025 at 8:48 PM
Reposted by Lawrence S.
🚨 - New report by Haaretz, Inside Story, Inside-IT and Amnesty International release the Intellexa Leaks, which expose that Intellexa support staff had access through TeamViewer to customer deployments and confirm IOCs found in the past by civil society. 🧵👇
December 4, 2025 at 11:37 AM
Reposted by Lawrence S.
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Intellexa’s Global Corporate Web
www.recordedfuture.com
December 4, 2025 at 4:18 AM
1/ It's nice to see the topic of bulletproof hosters and Threat Activity Enablers gaining more mainstream attention; however, a bigger problem than endless shell companies exists, and that is RIPE RIR policy. bindinghook.com/neutral-inte...
‘Neutral’ internet governance enables sanctions evasion
Internet service providers and hosting companies enable cybercrime and cyber operations. Why don’t sanctions stop them?
bindinghook.com
November 26, 2025 at 2:11 PM
Reposted by Lawrence S.
NSA Joins CISA and Others to Release Guidance on Mitigating Malicious Activity from Bulletproof Hosting Provider Infrastructure
November 19, 2025, NSA/CSS
www.nsa.gov/Press-Room/P...
www.nsa.gov
November 20, 2025 at 12:03 PM
Reposted by Lawrence S.
The national cyber director and a top FBI official shared more details about the forthcoming Trump administration document Tuesday. via @timstarks.bsky.social cyberscoop.com/trump-cyber-...
Completed draft of cyber strategy emphasizes imposing costs, industry partnership
The forthcoming Trump administration cyber strategy will introduce six key pillars, emphasizing deterrence of cyber threats and enhanced industry partnerships, with action items and deliverables for U...
cyberscoop.com
November 19, 2025 at 2:57 PM
1/ United States, Australia, and United Kingdom sanction Russian threat activity enabler Media Land (Yalishanda) and follow up on recent designations targeting Aeza. ofac.treasury.gov/recent-actio...
ofac.treasury.gov
November 19, 2025 at 5:17 PM
1/ Reports indicating that CrazyRDP is the bulletproof hoster behind this seizure in the Netherlands. nltimes.nl/2025/11/14/d...
Dutch police seize thousands of servers used for ransomware, child sex abuse footage
The Dutch police seized thousands of servers in The Hague and Zoetermeer, used solely for hosting criminal activities. According to the police, the hosting company rented space to criminals to carry o...
nltimes.nl
November 15, 2025 at 12:07 PM
1/ [UPDATE] As of November 10, 2025, metaspinner net GmbH has provided substantial evidence confirming Insikt Group’s original assessment that their identity was unlawfully and fraudulently used in the registration of #AS209800.
1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”

We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.
November 12, 2025 at 9:51 PM
Reposted by Lawrence S.
German ISP aurologic GmbH Identified as Key Hub for Malicious Hosting Infrastructure gbhackers.com/german-isp-a...
German ISP aurologic GmbH Identified as Key Hub for Malicious Hosting Infrastructure
German hosting provider aurologic GmbH has emerged as a critical hub within the global malicious infrastructure ecosystem, according to recent intelligence reporting.
gbhackers.com
November 9, 2025 at 3:24 PM
Reposted by Lawrence S.
Malicious Infrastructure Finds Stability with aurologic GmbH
assets.recordedfuture.com
November 7, 2025 at 11:24 AM
Reposted by Lawrence S.
German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure
cybersecuritynews.com
November 8, 2025 at 12:41 AM
1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”

We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.
November 6, 2025 at 11:30 AM
Reposted by Lawrence S.
Recorded Future just published Dark Covenant 3.0, revealing how global crackdowns and shifting Russian enforcement are reshaping the cybercriminal underground, exposing ties to state actors and turning cybercrime into a geopolitical tool: www.recordedfuture.com/research/dar...
Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals
Explore how Russia’s cybercriminal ecosystem evolved under Operation Endgame—where state control, selective enforcement, and criminal alliances collide.
www.recordedfuture.com
October 22, 2025 at 2:26 PM
Reposted by Lawrence S.
Great work by my colleague, @lawrencesec.bsky.social! He dives deep into the systemic flaw where "neutral" internet governance lets sanctioned ISPs evade restrictions and continue supporting #cyberattacks and #disinformation. A must-read on the infrastructure gap. 👇
October 21, 2025 at 8:45 AM
Reposted by Lawrence S.
Great opinion piece by my colleague @lawrencesec.bsky.social on an extremely timely and important topic!
🚨 My latest research for @bindinghook is out!

I explore how sanctions against #Aeza and #StarkIndustries reveal the limits of current policy, and how #ThreatActivityEnablers exploit RIR policy and company registration frameworks to maintain infrastructure and support ongoing cyber operations.
In his latest for Binding Hook, @lawrencesec.bsky.social looks at how internet service providers work within the system to evade sanctions and enable #cyberattacks and #disinformation campaigns: bindinghook.com/neutral-inte...
October 21, 2025 at 8:59 AM
🚨 My latest research for @bindinghook is out!

I explore how sanctions against #Aeza and #StarkIndustries reveal the limits of current policy, and how #ThreatActivityEnablers exploit RIR policy and company registration frameworks to maintain infrastructure and support ongoing cyber operations.
October 21, 2025 at 8:53 AM
Reposted by Lawrence S.
In his latest for Binding Hook, @lawrencesec.bsky.social looks at how internet service providers work within the system to evade sanctions and enable #cyberattacks and #disinformation campaigns: bindinghook.com/neutral-inte...
‘Neutral’ internet governance enables sanctions evasion
Internet service providers and hosting companies enable cybercrime and cyber operations. Why don’t sanctions stop them?
bindinghook.com
October 21, 2025 at 7:19 AM
Reposted by Lawrence S.
#Surveillance has become central to #counterterrorism in democracies, but its spread into daily life raises a key question: how much monitoring can a free society absorb without losing trust? bindinghook.com/why-democrac...
Why democracies need emotional resilience against surveillance
Surveillance technologies have become central to democratic counterterrorism, reshaping how citizens relate to the state. By extending into everyday life, these tools not only promise protection but a...
bindinghook.com
October 16, 2025 at 11:19 AM
Reposted by Lawrence S.
👋 Don't miss the first Colloquium session tomorrow!

📌 Mythical Beasts and Where to Find Them: Diving into the Depths of the Global Spyware Market
💡 Jen Roberts (@cyberstatecraft.bsky.social) & @julianferdinand.bsky.social (Recorded Future)
🗓️ October 2, 2025
🕓 16:00 – 17:00 CET
October 1, 2025 at 1:03 PM
Reposted by Lawrence S.
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
September 24, 2025 at 6:57 PM
Reposted by Lawrence S.
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.

Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
www.nbcnews.com
September 23, 2025 at 6:49 PM