Posts

Showing posts with the label OPSEC

Tracking Adversaries: UAC-0050, Cracking The DaVinci Code

In this blog, we investigate a Russia-based mercenary group that has appeared in multiple CERT-UA reports after sending waves of spam to Ukrainian organisations. These mercenaries use tried and tested tactics, techniques, and procedures (TTPs) that are low effort but operationally functional, including off-the-shelf commodity crimeware as well as legitimate remote management and monitoring (RMM) tools. They are also notable for their low operational security (OPSEC): they offer their services publicly, to Russians, via Facebook, Instagram, Telegram, various cybercrime forums, and their own websites.

Background on UAC-0050

A report by the Computer Emergency Response Team of Ukraine (CERT-UA) on 22 February 2024 shared a notable statement of attribution to a threat group tracked as UAC-0050, on which CERT-UA has already shared updates several times. The CERT-UA team and other security researchers online believe that UAC-0050 is linked to a Rus...

Operational Security Tips and Tricks

For my last blog of 2020, I wanted to share a short checklist for users and researchers to keep themselves secure on the internet. Many attackers cast a wide net, and many of those who fail the basics get caught. Hopefully this guide will help those on the path to Operational Security (OPSEC):

Social Media:

- Set social media accounts (e.g. Twitter, Facebook, Instagram, TikTok) to private.
- Avoid using your real name when creating accounts.
- Avoid using identifiable personal pictures for profile pictures and cover pictures.
- Leave bio details blank and avoid sharing identifiable information.
- Do not check in to locations or share your location in social media posts.
- Have a vetted list of friends/contacts who you permit to view your social media content.
- Finally, personnel who work in cleared positions may often ask family members not to share pictures of them and to prevent tagging.

Personal Security (PERSEC):

- Use more than one email account - ideally one for critical services like ...