Security Operations | Intel 471

Security Operations

Threat hunting case study: Cozy Bear
Security Operations // Dec 11, 2024

Cozy Bear is a Russian state-sponsored group that has conducted operations on behalf of Russia's Foreign Intelligence Service (SVR). Here's how to use the HUNTER471 platform to threat hunt for this group.

Using CTI in Realistic Attack Simulations
Security Operations // Nov 26, 2024

Australia holds regular exercises to test the cyber resiliency of the financial services sector. In this Studio 471, two experts from the cybersecurity consultancy CyberCX discuss how these exercises are developed using cyber...

Is your organisation ready for NIS2?
Security Operations // Oct 14, 2024

The October 17 deadline for EU Member States to transpose the EU’s NIS2 Directive to lift the cyber resilience of critical infrastructure across Europe is here. NIS2 and the rapidly evolving digital threat landscape make it m...

Detecting Malware Abusing Google for Command-and-Control
Security Operations // Oct 01, 2024

Malware often abuses cloud services for command-and-control. It's not a new technique, but it has been used recently by the Voldemort malware. In this post, we describe two different threat hunts that can detect this activit...

Introducing the CTI Capability Maturity Model, a resource for measuring and building mature CTI programs
Security Operations // Aug 05, 2024

The CTI Capability Maturity Model (CTI-CMM) is an easy-to-use, vendor-neutral model that promotes a "stakeholder-first" approach to building a mature CTI program, evaluating its progress, and continuously improving it during ...

Threat hunting case study: Looking for Volt Typhoon
Security Operations // Jul 22, 2024

Volt Typhoon is a state-sponsored threat actor group that establishes persistence in critical infrastructure. Here's how to perform intelligence-driven threat hunting to find possible signs of an attack.

Threat hunting case study: Looking for Evil Corp
Security Operations // Jun 18, 2024

Threat hunting can detect malicious behavior and stop a data breach. Here's how to use Intel 471's Hunter platform to detect the Evil Corp cybercriminal group.

Vulnerabilities Year-in-Review: 2023
Security Operations // Mar 27, 2024

In 2023, threat actors showed increasing interest in both zero-day and recently disclosed vulnerabilities. Here's our review of the trends, with tips for defense.

Phishing Emails Abusing QR Codes Surge
Security Operations // Oct 31, 2023

QR code phishing has surged as cybercriminals revisit this old technique. Here are the trends and how to guard against these kinds of attacks.

Detecting and Stopping Malicious Traffic
Security Operations // Oct 18, 2023

A cornerstone of security operations is detecting malicious traffic. Here's how we collect high-fidelity indicators of compromise from threat actors, which can then be routed to firewalls, EDR and SIEM solutions to prevent brea...

Featured Resource
AresLoader is a new loader offered as malware-as-a-service (MaaS) by threat actors with links to Russian hacktivism; it was recently spotted in the wild.