Blog: Stay Ahead of Cyber Threats | Intel 471

Intel 471 Blog

Cutting edge threat intelligence and research

Zservers: Bulletproof hosting for online crime
Cybercriminals// Malicious Actors// Mar 11, 2025

Russia-based bulletproof hosting service Zservers was exposed and hit with sanctions. But there are signs it may not have been permanently disrupted.

Update: Black Basta Ransomware and Threat Group
Emerging Threats// Mar 05, 2025

A significant leak of internal chat logs from within the Black Basta ransomware group has provided the community with a glimpse into their operations, including further information regarding their capabilities, tools and motivati...

Black Basta exposed: A look at a cybercrime data leak
Cybercriminals// Malicious Actors// Feb 28, 2025

Black Basta suffered a leak of 197,000 internal chat messages, which has exposed critical details about how this damaging ransomware gang operated, including how its top member claims to have eluded law enforcement.

The evolution of Russian cybercrime
Cybercriminals// Malicious Actors// Feb 26, 2025

In this Studio 471, Roman Sannikov, Founder of Constellation Cyber, shares his insight into the Russian cybercriminal landscape, the evolution of online crime and what lies ahead with ransomware.

BadPilot Campaign
Emerging Threats// Feb 26, 2025

The subgroup conducting BadPilot has been observed to be exploiting known vulnerabilities, such as CVE-2024-1709 (ConnectWise ScreenConnect) and CVE-2023-48788 (Fortinet FortiClient EMS), as well as abusing remote access tool...

Android trojan TgToxic updates its capabilities
Security Operations// Feb 24, 2025

Intel 471 mobile malware researchers recently discovered a campaign leveraging an updated version of TgToxic, an Android banking trojan. Here's an in-depth look at this malware.

Threat hunting case study: SocGholish
Cybercriminals// Malicious Actors// Feb 13, 2025

SocGholish is a malware campaign that spreads via hacked web pages. This is a guide to detecting infections by searching SIEMs and logging systems for attacker behaviors.

DeepSeek AI poses cybersecurity risks
Threat Intelligence// Feb 07, 2025

China-based DeepSeek has upended notions about AI development and prompted security concerns. Here is a briefing on DeepSeek and how cybercriminals are viewing its development.

Law enforcement hammered cybercrime in 2024. Is it working?
Cybercriminals// Malicious Actors// Feb 04, 2025

In 2024, authorities took aim at ransomware gangs, malware developers, cybercriminal infrastructure and cryptocurrency thieves. Here's a look at the effects of these operations.

How threat actors are using artificial intelligence
Threat Intelligence// Jan 29, 2025

Artificial intelligence is a red-hot mess, filled with contradicting predictions over whether it will bring vast benefits. In this Studio 471, Ashley Jess shares her insight into how AI will shape the threat landscape.

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.