Tom Padden
@tpad.bsky.social
Threat intelligence analyst. He/him
Reposted by Tom Padden
New research from Insikt Group on a phishing campaign targeting Tajikistan attributed to TAG-110, a Russia-aligned threat actor, which overlaps with UAC-0063 and has been associated with APT28 (BlueDelta): www.recordedfuture.com/research/rus...
TAG-110 Targets Tajikistan: New Macro Word Documents Phishing Tactics
Russia-aligned TAG-110 shifts to .dotm phishing lures in a 2025 campaign against Tajikistan’s public sector, advancing cyber-espionage in Central Asia.
www.recordedfuture.com
May 22, 2025 at 5:02 PM
Reposted by Tom Padden
📣 Oops!... They did it again!!!
61 talks were submitted, and so many were too good that, once again, we had to increase the number of accepted talks a bit. 🔥

#PIVOTcon25 Agenda is finally here, and the caliber is insane!!! Check it out➡️ pivotcon.org/agenda-2025/
#CTI #ThreatIntel
Talks and presenters in🧵⬇️ 1/18
March 7, 2025 at 2:42 PM
Heaven 17 - (We Don't Need This) Fascist Groove Thang
YouTube video by whynotandy
youtu.be
March 6, 2025 at 2:40 PM
Reposted by Tom Padden
The number of companies providing vulnerabilities to China’s MSS has ballooned to 324, up from 151 in 2023! Most new companies are currently Tier 3. China’s ecosystem of vuln suppliers is frothy.
March 3, 2025 at 9:42 PM
Reposted by Tom Padden
Microsoft finds a team within Sandworm has been carrying out widespread initial access operations on behalf of the GRU group and focused on US, UK, Canada and Australia networks over 2024, exploiting Connectwise ScreenConnect and Fortinet FortiClient EMS. www.wired.com/story/russia...
A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks
A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.
www.wired.com
February 12, 2025 at 5:07 PM
Reposted by Tom Padden
High octane stuff
November 30, 2024 at 9:04 AM
Reposted by Tom Padden
What kind of actor would be interested in targeting eurozone gas storage, as well as Ukrainian electrical transmission infrastructure? strikeready.com/blog/ru-apt-...
RU APT targeting Energy Infrastructure (Unknown unknowns, part 3)
Sandworm is considered one of the most advanced Russian APT groups, responsible for attacks on the Energy infrastructure of its neighbors. This blog will show a few techniques we use to track their p...
strikeready.com
November 29, 2024 at 5:14 PM
Reposted by Tom Padden
🚨 Don’t miss Tom Padden at #CYBERWARCON as he unpacks edge device targeting via 0-day exploits.

Learn how state-sponsored actors, especially from China, use covert 'ORB' networks to hide operations and target critical sectors.

🔗 www.cyberwarcon.com/registration
November 18, 2024 at 10:55 PM
Reposted by Tom Padden
I’ve created a Starter Pack around cyber threat intelligence to make it easier to find that community here on Bluesky. Let me know of folks I missed, as I’m sure there are many! go.bsky.app/TxQYHap
November 9, 2024 at 11:08 PM
Reposted by Tom Padden
@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: www.volexity.com/blog/2024/11...
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s ...
www.volexity.com
November 15, 2024 at 8:02 PM
Reposted by Tom Padden
Here's what today's Russian APT phish campaign looked like, targeting Ukraine:
tuyt8erti867i.synergize[.]co -> jkbfgkjdffghh.linkpc[.]net
44935484933a13fb6632e8db92229cf1c5777333fa5a3c0a374b37428add69fb
November 14, 2024 at 7:54 PM