Blog: Stay Ahead of Cyber Threats | Intel 471

Intel 471 Blog

Cutting edge threat intelligence and research

Guided Threat Hunts Takes Your Behavioral Threat Hunting to the Next Level
Threat Hunting// Jul 24, 2025

Guided Threat Hunts offers a library of Pivot Queries for hundreds of hunt packages that enable your threat hunters and analysts to overcome uncertainty and boost productivity. Guided Threat Hunts is a set of packages that as...

Defending against doxing
Cybercriminals// Malicious Actors// Jul 22, 2025

In this Studio 471, Jacob Larsen discusses the effects of doxing, how sites like Doxbin take advantage of legal loopholes and how to defend against being doxed.

Threat hunting case study: Lumma infostealer
Security Operations// Jul 17, 2025

The Lumma infostealer malware collects highly sensitive data including logins and session tokens. Here's how to conduct a threat hunt leveraging up-to-date tactics, techniques and procedures used by Lumma.

Pro-Russian hacktivism: Shifting alliances, new groups and risks
Threat Intelligence// Jul 02, 2025

Pro-Russian hacktivism campaigns continued to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and the risks the groups pose.

mommy Access Broker
Emerging Threats// Jun 27, 2025

mommy Access Broker is enabling access-as-a-service operations through detailed intrusion guides and compromised credentials, and Intel 471 has released reporting and Hunt Packages to support threat hunting and detection.

NATO summit commences in tandem with tense cyber, kinetic conflict
Cyber Attacks// Jun 24, 2025

NATO's annual summit comes as member countries face a rapidly changing global security dynamic, with cyber playing a significant role.

A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator
Cybercriminals// Malicious Actors// Jun 18, 2025

The leader of the Black Basta ransomware group employed a trusted, experienced cybercrime actor nicknamed Tinker who he relied on for phishing content, call center management and negotiation skills.

Threat hunting case study: DragonForce
Threat Hunting// Jun 10, 2025

After compromising a system, attackers seek ways to maintain persistence. Here's how to threat hunt for a common persistence method used by attackers including DragonForce.

Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey
Threat Intelligence// Jun 09, 2025

The SANS Institute has released its SANS 2025 CTI Survey report, an influential pulse-check of cyber threat intelligence (CTI) trends, challenges, and use cases. On May 21, 2025, Ashley Jess, a Senior Intelligence Analyst at ...

Android malware trends: Stealthier, easier-to-use
Security Operations// Jun 04, 2025

The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.