Blog: Stay Ahead of Cyber Threats | Intel 471

Intel 471 Blog

Cutting edge threat intelligence and research

DragonForce Ransomware
Emerging Threats// May 12, 2025

DragonForce is a Ransomware-as-a-Service group targeting global industries with customizable payloads, enabling widespread attacks and persistent extortion through an affiliate-driven model.

CVE-2025-31324 - SAP NetWeaver Vulnerability
Emerging Threats// May 12, 2025

CVE-2025-31324 is a critical flaw in SAP NetWeaver’s Visual Composer that allows unauthenticated attackers to upload malicious files and gain full system control. Threat actors are already exploiting it in the wild using JSP ...

Managing a cyber crisis
Security Operations// May 05, 2025

Cyber incidents pose not only technical challenges but communications challenges. Tom Bolitho of FTI Consulting shares guidance on successful strategies to manage complex stakeholder demands and minimize reputational damage.

LabHost: A defunct but potent phishing service
Cybercriminals// Malicious Actors// Apr 16, 2025

The administrator of LabHost, a phishing-as-a-service (PhaaS) offering, was sentenced to 8 1/2 years in prison. Here's why PhaaS services are making it more difficult for defenders to prevent account takeovers and fraud.

Understanding and threat hunting for RMM software misuse
Security Operations// Apr 15, 2025

Remote monitoring and management software is useful to administrators, but also to threat actors, who often abuse existing installations or deploy their own. Here's a briefing on RMM platform misuse and guidance on how to threat hunt for misbehavior.

Threat-hunting case study: Windows Management Instrumentation abuse
Threat Hunting// Apr 09, 2025

Attackers often use Windows Management Instrumentation (WMI) for reconnaissance to map networks. This case study describes how to threat hunt for malicious use of WMI, which is also used legitimately by administrators.

An in-depth look at Black Basta's TTPs
Cybercriminals// Malicious Actors// Apr 02, 2025

The Black Basta group constantly sought new malware and methods to infiltrate systems with ransomware. Here's a look at those tactics as drawn from a large leak of the group's chat messages.

VanHelsing Ransomware
Emerging Threats// Apr 02, 2025

Launched in March 2025, the cross-platform VanHelsing ransomware-as-a-service quickly attracted affiliates with its profit-sharing model and intuitive control panel, infecting multiple victims within weeks and showing signs o...

Writing high-quality IDS detection rules
Security Operations// Mar 26, 2025

In this Studio 471, Jeremy Kirk sits down with Luca Allodi and Koen Teuwen of Eindhoven University of Technology who co-authored a recent academic study that examines how to write lower-noise rules for intrusion detection sys...

Update: Medusa Ransomware
Emerging Threats// Mar 26, 2025

Medusa ransomware, active since 2021, continues to target critical infrastructure through unpatched applications and brokered access. Affiliates use living-off-the-land techniques and double-extortion tactics, prompting a new...

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS), recently spotted in the wild, that is offered by threat actors with links to Russian hacktivism.