Security Operations | Intel 471

Security Operations

Android malware trends: Stealthier, easier-to-use
Security Operations// Jun 04, 2025

The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.

Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations
Security Operations// May 21, 2025

Google SecOps customers can now access and use Intel 471’s library of advanced behavioral threat hunt packages on the HUNTER behavioral threat hunting content platform. HUNTER hunt packages go beyond reactive detections for i...

Threat hunting case study: Medusa ransomware
Security Operations// May 14, 2025

The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control bypass, one of the tactics, techniques and procedures this group and its affiliates use.

Managing a cyber crisis
Security Operations// May 05, 2025

Cyber incidents pose not only technical challenges but communications challenges. Tom Bolitho of FTI Consulting shares guidance on successful strategies to manage complex stakeholder demands and minimize reputational damage.

Understanding and threat hunting for RMM software misuse
Security Operations// Apr 15, 2025

Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.

Writing high-quality IDS detection rules
Security Operations// Mar 26, 2025

In this Studio 471, Jeremy Kirk sits down with Luca Allodi and Koen Teuwen of Eindhoven University of Technology who co-authored a recent academic study that examines how to write lower-noise rules for intrusion detection sys...

Android trojan TgToxic updates its capabilities
Security Operations// Feb 24, 2025

Intel 471 mobile malware researchers recently discovered a campaign leveraging an updated version of TgToxic, an Android banking trojan. Here's an in-depth look at this malware.

Threat hunting case study: Cozy Bear
Security Operations// Dec 11, 2024

Cozy Bear is a Russian, state-sponsored group that has conducted operations on behalf of Russia’s Foreign Intelligence Service aka SVR. Here's how to use the HUNTER471 platform to threat hunt for this group.

Using CTI in Realistic Attack Simulations
Security Operations// Nov 26, 2024

Australia holds regular exercises to test the cyber resiliency of the financial services sector. In this Studio 471, two experts from the cybersecurity consultancy CyberCX discuss how these exercises are developed using cyber...

Is your organisation ready for NIS2?
Security Operations// Oct 14, 2024

The October 17 deadline for EU Member States to transpose the EU’s NIS2 Directive to lift the cyber resilience of critical infrastructure across Europe is here. NIS2 and the rapidly evolving digital threat landscape make it m...

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.