Threat Intelligence | Intel 471

Threat Intelligence

Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey
Threat Intelligence// Jun 09, 2025

The SANS Institute has released its SANS 2025 CTI Survey report, an influential pulse-check of cyber threat intelligence (CTI) trends, challenges, and use cases. On May 21, 2025, Ashley Jess, a Senior Intelligence Analyst at ...

Android malware trends: Stealthier, easier-to-use
Security Operations// Jun 04, 2025

The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.

Fingerprinting threat actors by their anonymity techniques
Threat Intelligence// May 28, 2025

Cybersecurity consultant Mick Deben of DMC Group created a knowledge base of attacker anonymity techniques. In this Studio 471 podcast, he discusses how practitioners can use it to fingerprint threat actors.

DanaBot malware disrupted, threat actors named
Cybercriminals// Malicious Actors// May 22, 2025

The DanaBot malware was severely disrupted by law enforcement. Here's an in-depth look at this data-stealing workhorse for the cybercriminal underground.

SANS 2025 CTI Survey: It’s Business Time for Cyber Risk
Threat Intelligence// May 21, 2025

The SANS Institute’s newly released SANS 2025 CTI Survey report reveals a major surge in use of cyber threat intelligence (CTI) by senior executive and business leaders to mitigate risk in strategic decisions, investments, an...

LabHost: A defunct but potent phishing service
Cybercriminals// Malicious Actors// Apr 16, 2025

The administrator of LabHost, a phishing-as-a-service (PhaaS) offering, was sentenced to 8 1/2 years in prison. Here's why PhaaS services are making it more difficult for defenders to prevent account takeovers and fraud.

Understanding and threat hunting for RMM software misuse
Security Operations// Apr 15, 2025

Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.

An in-depth look at Black Basta's TTPs
Cybercriminals// Malicious Actors// Apr 02, 2025

The Black Basta group constantly sought new malware and methods to infiltrate systems with ransomware. Here's a look at those tactics as drawn from a large leak of the group's chat messages.

Threat hunting case study: RMM software
Threat Hunting// Mar 18, 2025

Attackers hijack or install their own remote monitoring and management software to penetrate deeper into organizations. This activity, however, can be detected using threat hunts based on threat intelligence.

Zservers: Bulletproof hosting for online crime
Cybercriminals// Malicious Actors// Mar 11, 2025

Russia-based bulletproof hosting service Zservers was exposed and hit with sanctions. But there are signs it may not have been permanently disrupted.

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.