RATatouille: Cooking Up Chaos in the I2P Kitchen
This article was originally distributed as a private FLINT report to our customers on 29 January 2025. Introduction During our daily tracking and analysis routine at TDR (Threat Detection...
Detection engineering at scale: one step closer (part two)
In this article, we will build upon the previous discussion of our detection approach and associated challenges by detailing the regular and automated actions implemented through our CI/CD pipelines.
Targeted supply chain attack against Chrome browser extensions
On 26 December 2024, the data security company Cyberhaven informed its users about a compromise of their Chrome browser extension. The attacker exploited the extension developer's permissions, which had...
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service
Introduction In December 2024, during our daily threat hunting routine, we uncovered a new Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 accounts. These phishing pages have been circulating since...
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central...
This report was originally published for our customers on 12 December 2024. Introduction On Wednesday, 27 November 2024, Russian President Putin was on a two-day state visit to Kazakhstan...
PlugX worm disinfection campaign feedbacks
In September 2023, we successfully took ownership of one of the IP addresses used by the PlugX worm—a variant of PlugX associated with Mustang Panda, which possesses worming capabilities...
Happy YARA Christmas!
In the ever-evolving landscape of cybersecurity, effective threat detection is paramount. Since its creation, YARA has stood out as a powerful tool for identifying and classifying malware. Originally developed...
Detection engineering at scale: one step closer (part one)
Security Operations Center (SOC) and Detection Engineering teams frequently encounter challenges in both creating and maintaining detection rules, along with their associated documentation, over time. These difficulties stem largely...
Ransomware-driven data exfiltration: techniques and implications
Introduction This report focuses on the exfiltration techniques leveraged by ransomware and extortion groups in lucrative campaigns. It aims to provide a comprehensive analysis of the techniques and tools...
Helldown Ransomware: an overview of this emerging threat
This blog post provides a comprehensive analysis of Helldown's tactics, techniques, and procedures (TTPs).