@BushidoToken Threat Intel

Introduction The aim of this blog is to highlight the 2024 global cybersecurity trends that defenders can study to prepare themselves for the threats of 2025. The Top 10 Cyber Threats of 2024 had several interesting themes, such as aggressive cyber espionage campaigns from Russia and China, new cases of state-sponsored cybercrime from Iran and North Korea, ground breaking ransomware attacks, and multiple disruption events that were notable. #1 The Snowflake Campaign This year, Snowflake was the center of a historic data breach campaign . Snowflake is a cloud-hosted service that allows companies to store huge datasets. In May, up to 165 customers had their databases accessed and stolen using valid login credentials. In June, the stolen data was offered on the English-speaking cybercrime community known as BreachForums, which was resurrected following a takedown by the FBI earlier in the year. The aftermath of the Snowflake campaign has been staggering. The publicly known impact ...

Introduction Cyber Threat Intelligence (CTI) analysts come from diverse backgrounds, and their roles can vary a lot depending on the type of organisation they work for. The path to becoming a CTI analyst can follow one of several routes, such as moving from Security Operations Center (SOC) and other information security roles, joining from university, or from law enforcement or military backgrounds. I’ve also met many who have radically changed trades and reskilled from jobs such as secondary school teachers to bar and hotel staff with great success. CTI teams can also vary significantly in their structure and focus. Some analysts work for vendors, providing intelligence to multiple clients across industries like, for example, Recorded Future’s Insikt Group. Others serve as defenders within a single company, working to protect that organization’s assets like, for example Equinix’s ETAC team. There are analysts who operate within government agencies as well, such as intelligence, se...

Introduction Based on feedback I have received from fellow CTI researchers, incident responders, and managed detection and response teams around my Ransomware Tool Matrix project, I decided to make another Tool Matrix focused on one hostile state in particular: Russia. Again, as defenders, we should exploit the fact the tools used by these Russian APT groups are often reused and through proactive defensive work, we can frustrate and even eliminate the ability of certain adversaries to launch intrusions. Using the Russian APT Tool Matrix comes with its own challenges. While it is undoubtedly useful to have a list of tools commonly used by Russian APTs to hunt, detect, and block, there are some risks, as noted in the repository. The new repository also contains multiple types of Russian threat groups, this includes adversaries part of the GRU, SVR, and FSB. The alias of each Russian threat group has been chosen by what the author of this repo believes it is most well-known as. ...