@BushidoToken Threat Intel

  (Image credit: DALL·E 2 ) Background In 2015 and 2016, the Democratic National Committee (DNC) was hacked by not one, but two Russian intelligence services, the Russian Main Intelligence Directorate (GRU) and the Russian Foreign Intelligence Service (SVR). The two advanced persistent threat (APT) groups attributed to these organizations coexisted inside the DNC's networks for months and provided valuable political intelligence to the Russian government, in the form of stolen files and emails, during the run-up to US presidential election. This audacious act of cyber-espionage brought these two APT groups, also known as FancyBear and CozyBear  (coined by CrowdStrike), into the spotlight and under the microscope ever since. On 24 February 2022, Russia invaded Ukraine and these two well-known APT groups (among many others) have been busy launching widespread intelligence gathering intrusion campaigns to support the Russian government and Russian military. This blog aims to leverag

  On 3 February 2022, the The UK Office of Gas and Electricity Markets (Ofgem) issued a warning that there has been a "record increase in global gas prices" which saw an "energy price cap rise of 54% "; adding that " Ofgem knows this rise will be extremely worrying for many people ". That last sentence is precisely why phishing threat actors are beginning to use Ofgem-themed lures as a pretext for phishing attacks to target and defraud UK-based users online.  On 17 May 2022, Ofgem issued a warning  " of a scam email claiming to be from Ofgem asking for bank details so customers can get a rebate " (see Figure 1). This was followed by an alert from UK Action Fraud stating it has  received "over 750 reports in just four days about these fake O fgem  emails". The UK NCSC also included the warning in its Weekly Threat Report. Figure 1: Ofgem-themed phishing email On 20 May 2022, while researching newly phishing pages a recently created Of

The title of this blog is a homage to the film Tinker Tailor Soldier Spy and presents the fact that video games and cheating is also tied to hacking and spying. It is a common trope in cybersecurity that professionals first became interested in the field through an encounter while playing games.  Speaking personally, I first became enthralled with hacking in 2008 by matching against some modders using hacked weapons while playing  Halo 3   (my favourite game of all time). This blog aims to highlight why monitoring the video game industry is important for cyber threat intelligence analysts hunting down the latest threats. Video games and hacking are very intertwined. Many hackers start out by creating cheats for games, and have to play the games to begin with to learn how to hack them.  There are also several notable incidents whereby hacking in video games escalated to become critical issues for the software development industry and enterprise security realms. This includes zero-day ex

  If you wanted to learn how an organized cybercriminal operation worked, look no further than the threat group known as Conti. The recent leaks of the group's chat logs have uncovered an unprecedented wealth of information and insights into how these veteran cybercriminals organize themselves.  Cyber Threat Intelligence (CTI) vendors and independent researchers have spent weeks poring over the Conti leaked chat logs and have uncovered dozens of very significant findings.  In this blog, I didn't want to duplicate what is already known (too much). I wanted to share some of the findings that I thought were the most interesting to me. To rapidly get up to speed on the Conti Leaks, I highly recommend other researchers to read the work in the following blogs: https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html https://www.secureworks.com/blog/gold-ulrick-leaks-reveal-organizational-structure-and-relationships ht