Collecting Useful CTI from Underground Markets

Dec 17, 2024

The advent of cybercrime-as-a-service – where cybercriminals create tools and products for use by other cybercriminals – has revolutionized online crime, allowing it to scale and become more effective. The discussions and products in underground forums and marketplaces can give clues as to how cybercriminals are exploiting and profiting. But these markets can be sprawling. Extracting useful cyber threat intelligence about emerging threats and monitoring the rise of novel threat actors can be a challenge. Michele Campobasso completed his doctoral thesis in 2024 about these issues while at the Eindhoven University of Technology. In this Studio 471, Campobasso shares his insight into these markets and how to maximize CTI collection.

Participants:

Michele Campobasso, PhD, Eindhoven University of Technology

Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

Emerging Threats//Apr 1, 2026

TeamPCP Supply Chain Attacks

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.

Emerging Threats//Mar 13, 2026

Handala Threat Group

An Iranian aligned threat group conducting destructive and espionage focused cyber operations against organizations in Israel and Western countries.

Emerging Threats//Jan 27, 2026

CrazyHunter Ransomware

CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.

Sign up for our Executive Intel Update

Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.

Collecting Useful CTI from Underground Markets

Related Articles

TeamPCP Supply Chain Attacks

Handala Threat Group

CrazyHunter Ransomware

Sign up for our Executive Intel Update

Sign up for our Executive Intel Update