@BushidoToken Threat Intel

Welcome to the world of hacktivism, where technology and activism collide. Verifying and researching hacktivist claims can be a challenging and time-consuming endeavour. The sheer volume of claims made by various hacktivist groups and individuals can be overwhelming. With numerous events occurring simultaneously, resources can be strained when attempting to fact-check each claim thoroughly.  Hacktivist activities can involve digital intrusions such as website defacements or data theft. These intrusions may leave limited residual forensic evidence. However, these digital artifacts are often ephemeral and are rarely shared publicly for cross examination. DDoS attacks can be even harder to verify as a third-party without access to the website or infrastructure's logs. This lack of transparency makes it challenging to confirm the authenticity and scope of many hacktivist actions.  This difficulty in promptly verifying and debunking claims can lead to misinformation spreading unche...

  Welcome to the final BushidoToken blog of 2022. Over the last year or so, an associate of mine in the UK has been targeted by a persistent Chinese-speaking scammer. The scammer often calls once or twice a month from a unique UK-based phone number and, if left unanswered, leaves an unusual automated voicemail.  I got the recorded voicemails and identified that they are almost certainly scam calls from Chinese-speaking fraudsters targeting Chinese international students at universities in the UK.  I have tracked this campaign for over a year and built a profile on the group's activities based on just the calls and voicemails they have left. I am now disclosing these attempts and subsequently tracking this activity group as "RedZei" (aka "RedThief"). The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation. A quick OSINT search found several recent articles about this apparent...

  On 3 February 2022, the The UK Office of Gas and Electricity Markets (Ofgem) issued a warning that there has been a "record increase in global gas prices" which saw an "energy price cap rise of 54% "; adding that " Ofgem knows this rise will be extremely worrying for many people ". That last sentence is precisely why phishing threat actors are beginning to use Ofgem-themed lures as a pretext for phishing attacks to target and defraud UK-based users online.  On 17 May 2022, Ofgem issued a warning  " of a scam email claiming to be from Ofgem asking for bank details so customers can get a rebate " (see Figure 1). This was followed by an alert from UK Action Fraud stating it has  received "over 750 reports in just four days about these fake O fgem  emails". The UK NCSC also included the warning in its Weekly Threat Report. Figure 1: Ofgem-themed phishing email On 20 May 2022, while researching newly phishing pages a recently created Of...