Intel 471

Intel 471's global intelligence team today published an in-depth report on the underground world of crypting services and the major players involved. Malware crypting has been around since the very early days of cybercrime. Similar to infrastructure providers and illicit exchanges, the crypting service sub-economy is a key enabler of #cybercrime around the world - allowing threat actors to easily outsource an otherwise complex component of the attack chain for all types of malware threats, including #ransomware. Opening the window into these services - how they operate, the techniques and capabilities used, and the major players involved - helps demystify the threat environment and improves certainty for the good guys protecting their organizations.

In the latest episode of the "Happy Hunting" series, Lee Archinal explores Turla, a cyber espionage group linked to Russia's FSB. Active since at least 2004, Turla targets a wide range of sectors including government, military, education, research, and pharmaceuticals. They are known for their sophisticated malware, such as Snake (also known as Uroburos), which is considered one of the most advanced cyber espionage tools developed by the Turla group. A notable technique discussed in the episode is masquerading, where malware mimics legitimate services to evade detection, specifically using names and locations that blend with native executables. "Happy Hunting" is crafted by the community, for the community. We tackle real-world cybersecurity challenges, highlighting the intricacies and complexities of modern threats. Your insights are invaluable to us! Have a topic you’re eager to explore? Share your suggestions in the comments below 👇 🤝 Become part of our community through a free Community Account on the HUNTER Platform. This account gives you access to several Hunt Package Collections along with a wealth of other resources to enhance your threat hunting skills. 🔗 Join our community today: https://lnkd.in/gZdt5rTE 🔗 Already have a HUNTER Account? Go straight to the Copying Files From Native Windows Directory for Masquerading Hunt Package: https://lnkd.in/gc8tJnFE #threathunting #cybersecurity #threatintelligence #threatintel #securityprofessionals #informationsecurity #masquerading #turla

In the latest episode of our #ReimaginingCyber podcast series, host Rob Aragao interviews Ashley J., a senior intelligence analyst at Intel 471, discussing her transition from the FBI to her current role - highlighting her expertise in malware trends and #AI abuse.  Listen to Part 1️⃣ of their conversation, available now: https://lnkd.in/gF4aUVvg

Unwind with us at our exclusive Happy Hour hosted by Intel 471 and Analyst1 on August 6th at the 1923 Prohibition Bar at Black Hat USA! Enjoy drinks while going back in time to the Roaring Twenties and socialize with your fellow cybersecurity professionals! Get your ticket now! https://hubs.la/Q02HDLjR0 We can’t see you there! #BlackHatUSA #BlackHatConference #Intel471 #Analyst1

Dive into the world of intelligence-driven threat hunting with Intel 471's Command and Control Workshop on July 31, 2024 from 12:00 – 1:00 PM ET! Explore MITRE ATT&CK Tactic TA0011: Command and Control alongside our seasoned cyber security professionals. Gain insights into command and control mechanics, adversary strategies, and effective threat hunting methods for your environment. This isn't your typical workshop – it is fully interactive! You'll receive your very own threat hunting environment with real-life data and access to essential tools. Plus, upon completing the final challenge, you'll earn a coveted Threat Hunting – Command and Control (Level I) certification ⭐ ️ Don't miss out, register for the workshop today 👇 https://lnkd.in/gr8txnge #threathunting #cybersecurity #threatintelligence #informationsecurity #securityprofessionals #commandandcontrol #mitreattack

The countdown to #BlackHat2024 has begun, and Cyborg Security & Intel 471 are gearing up for a fantastic event. This year, we’re excited to have not one, but two booths - #4525 & #2813! Join us for an engaging experience as we take intelligence-driven threat hunting to a new level. Here’s what we have lined up for you: ✅ Visit us at our booths for riveting discussions, live demos, and expert advice on threat hunting and threat intelligence strategies. ✅ Several massive giveaways, and top-tier swag, including a new t-shirt that we can’t wait to show you 😉 ✅ A 2-day training session at #BlackHatUSA led by our very own Senior Threat Hunter, Lee Archinal!  ✅ A special happy hour event co-hosted with Analyst1 at the 1923 Prohibition Bar! To confirm your ticket and get more details, register here: https://lnkd.in/gPSTYua9 Get ready to explore the world of intelligence-driven threat hunting like never before. Book your one-on-one time to meet with us here: https://lnkd.in/gx-Ynnqd We can’t wait to see you there! #BlackHat2024 #CyberSecurity #ThreatHunting #ThreatIntelligence #IntelDrivenThreatHunting

Volt Typhoon is a state-sponsored threat actor group that establishes persistence in critical infrastructure. Here's how to perform intelligence-driven threat hunting to find possible signs of an attack.

One of the "old wolves" of cybercrime has finally been sentenced. For many of us veteran cybercrime fighters, it's a strange feeling to see this chapter close nearly 15 years later. Jim Craig, Hal Pomeranz and I spent three years at the FBI, starting in 2009, dedicated to tracking down Penchukov and his crew, as well as others like Bogachev and Yakubets. We knew them as Tank, MonsterTrack (or Slavik) and Aqua. In 2010, they were the targets of the international takedown operation dubbed Trident Breach. At 31 years old, I had recently completed nearly 12 years of service in the United States Marine Corps, where I participated in numerous exciting operations. But supporting this investigation and Trident Breach was something else. Unfortunately, it didn't work as they all continued to be very active for many years after that operation. During that time the official losses attributed to Tank's crew came to $70M, but I'm confident it was closer to $100M. This was of course distributed across all the various criminal services that facilitated the activity - mule networks, cashout crews, malware coders, bulletproof hosters, spammers, etc. They all got a piece of the pie while businesses in the US and UK often had to shut their doors or start over from scratch. It's impossible to fully quantify the impact and damage these individuals caused globally as they also helped shape the cybercrime ecosystem we see today. That's why they are called the "old wolves". Ironically, they also contributed to the emergence of the Cyber Threat Intelligence industry, which was largely created to protect businesses from their activities. I wasn't at the sentencing, but I'm told Tank has aged significantly since we saw him in 2009 emptying the payroll accounts of businesses across the US and DJing at Red Line and Liverpool clubs in Donetsk, Ukraine as DJ Slava Rich. I suppose years of war in Ukraine and living as an internationally wanted man will do that to you. Some past reporting worth a read: Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison https://lnkd.in/g5jd_Ffj Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation https://lnkd.in/gCggXQeH Inside the Hunt for Russia’s Most Notorious Hacker https://lnkd.in/gnTwj8F3

If you’re going to be in Las Vegas for Black Hat USA, let us know! We'd love to connect in person. Make sure to stop by both of our booths #4524 and #2813 August 7th-8th to meet our team and unlock the power of intelligence-driven threat hunting. We hope to see you there! Book time with the team: https://hubs.la/Q02HbBbh0 #CyberSecurity #ThreatHunting #Intel471 #BHUSA2024

BreachForums, an infamous cybercriminal forum, is back in action after authorities disrupted it. Here's a look at the forum, including why it's back online and what may lie ahead.