Blog: Stay Ahead of Cyber Threats | Intel 471

Intel 471 Blog

Cutting edge threat intelligence and research

DanaBot malware disrupted, threat actors named
Cybercriminals// Malicious Actors// May 22, 2025

The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.

SANS 2025 CTI Survey: It’s Business Time for Cyber Risk
Threat Intelligence// May 21, 2025

The SANS Institute’s newly released SANS 2025 CTI Survey report reveals a major surge in use of cyber threat intelligence (CTI) by senior executive and business leaders to mitigate risk in strategic decisions, investments, an...

Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations
Security Operations// May 21, 2025

Google SecOps customers can now access and use Intel 471’s library of advanced behavioral threat hunt packages on the HUNTER behavioral threat hunting content platform. HUNTER hunt packages go beyond reactive detections for i...

How an alleged Russian hacker slipped away
Cybercriminals// Malicious Actors// May 15, 2025

Russian man Andrei Tarasov was indicted on cybercrime charges related to the Angler exploit kit. He was arrested in Germany but slipped away to Russia — despite his anti-Russian views.

Threat hunting case study: Medusa ransomware
Security Operations// May 14, 2025

The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control bypass, one of the tactics, techniques and procedures this group and its affiliates use.

DragonForce Ransomware
Emerging Threats// May 12, 2025

DragonForce is a Ransomware-as-a-Service group targeting global industries with customizable payloads, enabling widespread attacks and persistent extortion through an affiliate-driven model.

CVE-2025-31324 - SAP NetWeaver Vulnerability
Emerging Threats// May 12, 2025

CVE-2025-31324 is a critical flaw in SAP NetWeaver’s Visual Composer that allows unauthenticated attackers to upload malicious files and gain full system control. Threat actors are already exploiting it in the wild using JSP ...

Managing a cyber crisis
Security Operations// May 05, 2025

Cyber incidents pose not only technical challenges but communications challenges. Tom Bolitho of FTI Consulting shares guidance on successful strategies to manage complex stakeholder demands and minimize reputational damage.

LabHost: A defunct but potent phishing service
Cybercriminals// Malicious Actors// Apr 16, 2025

The administrator of LabHost, a phishing-as-a-service (PhaaS) offering, was sentenced to 8 1/2 years in prison. Here's why PhaaS services are making it more difficult for defenders to prevent account takeovers and fraud.

Understanding and threat hunting for RMM software misuse
Security Operations// Apr 15, 2025

Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.