Threat Intelligence | Intel 471

Threat Intelligence

LabHost: A defunct but potent phishing service
Cybercriminals// Malicious Actors// Apr 16, 2025

The administrator of LabHost, a phishing-as-a-service (PhaaS) offering, was sentenced to 8 1/2 years in prison. Here's why PhaaS services are making it more difficult for defenders to prevent account takeovers and fraud.

Understanding and threat hunting for RMM software misuse
Security Operations// Apr 15, 2025

Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.

An in-depth look at Black Basta's TTPs
Cybercriminals// Malicious Actors// Apr 02, 2025

The Black Basta group constantly sought new malware and methods to infiltrate systems with ransomware. Here's a look at those tactics as drawn from a large leak of the group's chat messages.

Threat hunting case study: RMM software
Threat Hunting// Mar 18, 2025

Attackers hijack or install their own remote monitoring and management software to penetrate deeper into organizations. This activity, however, can be detected using threat hunts based on threat intelligence.

Zservers: Bulletproof hosting for online crime
Cybercriminals// Malicious Actors// Mar 11, 2025

Russia-based bulletproof hosting service Zservers was exposed and hit with sanctions. But there are signs it may not have been permanently disrupted.

Android trojan TgToxic updates its capabilities
Security Operations// Feb 24, 2025

Intel 471 mobile malware researchers recently discovered a campaign leveraging an updated version of TgToxic, an Android banking trojan. Here's an in-depth look at this malware.

DeepSeek AI poses cybersecurity risks
Threat Intelligence// Feb 07, 2025

China-based DeepSeek has upended notions about AI development and prompted security concerns. Here is a briefing on DeepSeek and how cybercriminals are viewing its development.

How threat actors are using artificial intelligence
Threat Intelligence// Jan 29, 2025

Artificial intelligence is a red-hot mess, filled with contradicting predictions over whether it will bring vast benefits. In this Studio 471, Ashley Jess shares her insight into how AI will shape the threat landscape.

How ransomware may trend in 2025
Cybercriminals// Malicious Actors// Jan 21, 2025

New variants and threat actor groups kept up the tempo of ransomware attacks in 2024. Here's a look at how this type of pervasive cybercrime may trend this year.

Collecting Useful CTI from Underground Markets
Threat Intelligence// Dec 17, 2024

Extracting cyber threat intelligence on emerging threats and novel threat actors is challenging. Michele Campobasso completed his doctoral thesis in 2024 at Eindhoven University of Technology, and in Studio 471, he shares ins...

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.