Pro-Russian hacktivism: Shifting alliances, new groups and risks
Pro-Russian hacktivism campaigns continued to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and the risks the groups pose.
mommy Access Broker
mommy Access Broker is enabling access-as-a-service operations through detailed intrusion guides and compromised credentials, and Intel 471 has released reporting and Hunt Packages to support threat hunting and detection.
NATO summit commences in tandem with tense cyber, kinetic conflict
NATO's annual summit comes as member countries face a rapidly changing global security dynamic, with cyber playing a significant role.
A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator
The leader of the Black Basta ransomware group employed a trusted, experienced cybercrime actor nicknamed Tinker who he relied on for phishing content, call center management and negotiation skills.
Threat hunting case study: DragonForce
After compromising a system, attackers seek ways to maintain persistence. Here's how to threat hunt for a common persistence method used by attackers including DragonForce.
Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey
The SANS Institute has released its SANS 2025 CTI Survey report, an influential pulse-check of cyber threat intelligence (CTI) trends, challenges, and use cases. On May 21, 2025, Ashley Jess, a Senior Intelligence Analyst at ...
Android malware trends: Stealthier, easier-to-use
The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.
Fingerprinting threat actors by their anonymity techniques
Cybersecurity consultant Mick Deben of DMC Group created a knowledge base of attacker anonymity techniques. In this Studio 471 podcast, he discusses how practitioners can use it to fingerprint threat actors.
DanaBot malware disrupted, threat actors named
The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.
SANS 2025 CTI Survey: It’s Business Time for Cyber Risk
The SANS Institute’s newly released SANS 2025 CTI Survey report reveals a major surge in use of cyber threat intelligence (CTI) by senior executive and business leaders to mitigate risk in strategic decisions, investments, an...
