Threat hunting case study: DragonForce
After compromising a system, attackers seek ways to maintain persistence. Here's how to threat hunt for a common persistence method used by attackers including DragonForce.

Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey
The SANS Institute has released its SANS 2025 CTI Survey report, an influential pulse-check of cyber threat intelligence (CTI) trends, challenges, and use cases. On May 21, 2025, Ashley Jess, a Senior Intelligence Analyst at ...

Android malware trends: Stealthier, easier-to-use
The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.

Fingerprinting threat actors by their anonymity techniques
Cybersecurity consultant Mick Deben of DMC Group created a knowledge base of attacker anonymity techniques. In this Studio 471 podcast, he discusses how practitioners can use it to fingerprint threat actors.

DanaBot malware disrupted, threat actors named
The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.

SANS 2025 CTI Survey: It’s Business Time for Cyber Risk
The SANS Institute’s newly released SANS 2025 CTI Survey report reveals a major surge in use of cyber threat intelligence (CTI) by senior executive and business leaders to mitigate risk in strategic decisions, investments, an...

Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations
Google SecOps customers can now access and use Intel 471’s library of advanced behavioral threat hunt packages on the HUNTER behavioral threat hunting content platform. HUNTER hunt packages go beyond reactive detections for i...

How an alleged Russian hacker slipped away
Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia — despite his anti-Russian views.

Threat hunting case study: Medusa ransomware
The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control bypass, one of the tactics, techniques and procedures this group and its affiliates use.

DragonForce Ransomware
DragonForce is a Ransomware-as-a-Service group targeting global industries with customizable payloads, enabling widespread attacks and persistent extortion through an affiliate-driven model.