Threat hunting case study: Cozy Bear
Cozy Bear is a Russian, state-sponsored group that has conducted operations on behalf of Russia’s Foreign Intelligence Service aka SVR. Here's how to use the HUNTER471 platform to threat hunt for this group.
Holiday Season Cyber Threats (Part 2): Ransomware, Gift Cards, and Point-of-Sale breaches
The surge in online shopping and travel bookings during the holiday season offers rich pickings for cybercriminals. Black Friday, Cyber Monday, Christmas shopping, and increased travel throughout December offer ample opportun...
Holiday Season Cyber Threats (Part 1): Phishing, Fake Shops and Bogus Bookings
The holiday season is here. It’s a time for reuniting with family and friends, travel and gift-giving. It’s also a prime time for cybercrime as millions of consumers head to online checkouts on Black Friday, Cyber Monday, Giv...
Cybercrime Exposed Podcast: Raccoon Stealer
Information stealing malware is one of the most common ways that organizations end up infiltrated by malicious hackers. For several years, one type of infostealer called Raccoon Stealer ruled them all.
Using CTI in Realistic Attack Simulations
Australia holds regular exercises to test the cyber resiliency of the financial services sector. In this Studio 471, two experts from the cybersecurity consultancy CyberCX discuss how these exercises are developed using cyber...
A Look at Trending Chinese APT Techniques
Cyber capabilities play a key role in achieving China’s strategic goals. Here's a look at significant state-sponsored actors, which are adopting stealthy techniques to avoid their campaigns being linked to Beijing.
Threat Hunting Case Study: Uncovering Turla
Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group and others. Here's how to threat hunt for this behavior.
How to Defend Against Alleged Snowflake Attacker ‘Judische’
The threat actor behind the compromise of more than 165 organizations using Snowflake credentials stolen by infostealers has reportedly been detained. Here's a profile of the Com-related threat actor "Judische."
RedLine and Meta: The Story of Two Disrupted Infostealers
The RedLine infostealer's infrastructure is offline and its alleged creator charged. But RedLine's activity continues. Here's a deep dive into this infostealer operation and the effects of a law enforcement disruption.