Blog: Stay Ahead of Cyber Threats | Intel 471

Intel 471 Blog

Cutting edge threat intelligence and research

Threat hunting case study: Cozy Bear
Security Operations// Dec 11, 2024

Cozy Bear is a Russian, state-sponsored group that has conducted operations on behalf of Russia’s Foreign Intelligence Service aka SVR. Here's how to use the HUNTER471 platform to threat hunt for this group.

Holiday Season Cyber Threats (Part 2): Ransomware, Gift Cards, and Point-of-Sale breaches
Cybercriminals// Malicious Actors// Dec 10, 2024

The surge in online shopping and travel bookings during the holiday season offers rich pickings for cybercriminals. Black Friday, Cyber Monday, Christmas shopping, and increased travel throughout December offer ample opportun...

Holiday Season Cyber Threats (Part 1): Phishing, Fake Shops and Bogus Bookings
Threat Intelligence// Dec 06, 2024

The holiday season is here. It’s a time for reuniting with family and friends, travel and gift-giving. It’s also a prime time for cybercrime as millions of consumers head to online checkouts on Black Friday, Cyber Monday, Giv...

Cybercrime Exposed Podcast: Raccoon Stealer
Cybercriminals// Malicious Actors// Dec 05, 2024

Information stealing malware is one of the most common ways that organizations end up infiltrated by malicious hackers. For several years, one type of infostealer called Raccoon Stealer ruled them all.

Using CTI in Realistic Attack Simulations
Security Operations// Nov 26, 2024

Australia holds regular exercises to test the cyber resiliency of the financial services sector. In this Studio 471, two experts from the cybersecurity consultancy CyberCX discuss how these exercises are developed using cyber...

A Look at Trending Chinese APT Techniques
Cybercriminals// Malicious Actors// Nov 18, 2024

Cyber capabilities play a key role in achieving China’s strategic goals. Here's a look at significant state-sponsored actors, which are adopting stealthy techniques to avoid their campaigns being linked to Beijing.

Threat Hunting Case Study: Uncovering Turla
Threat Hunting// Nov 11, 2024

Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group and others. Here's how to threat hunt for this behavior.

How to Defend Against Alleged Snowflake Attacker ‘Judische’
Cybercriminals// Malicious Actors// Nov 05, 2024

The threat actor behind the compromise of more than 165 organizations using Snowflake credentials stolen by infostealers has reportedly been detained. Here's a profile of the Com-related threat actor "Judische."

RedLine and Meta: The Story of Two Disrupted Infostealers
Cybercriminals// Malicious Actors// Oct 30, 2024

The RedLine infostealer's infrastructure is offline and its alleged creator charged. But RedLine's activity continues. Here's a deep dive into this infostealer operation and the effects of a law enforcement disruption.

Fog Ransomware
Emerging Threats// Oct 30, 2024
