DarkSide Ransomware: the Colonial Pipeline hack
DarkSide ransomware in the Colonial Pipeline incident: initial access hypotheses, fuel supply disruption on the US East Coast, ransom payment and operational impact.
REvil ransomware Linux build: ESXi/Linux server encryption capability, deployment patterns observed and detection considerations for hybrid environments.
Country-level snapshot of Microsoft Exchange compromise across Italian organisations: exposure metrics, exploitation observed and remediation status.
Cyber Threat Intelligence applied to attacks on Italian organisations: actor mapping, sectoral targeting trends and operational priorities for defenders.
Ursnif campaign abusing the Italian Tax Agency (Agenzia delle Entrate) brand as social-engineering lure: Italian-language phishing templates and host indicators.
Mass exploitation of ProxyLogon (CVE-2021-26855/26857/26858/27065) on Microsoft Exchange Server: web shell hunting, two distinct intrusion sets observed in Italy, defensive guidance and post-compromise containment.
PurpleFox malware framework: rootkit components, MSI installer abuse, exploit-driven worm capabilities and lateral movement patterns observed in Italian intrusions.
Security trade-offs of moving corporate email to cloud platforms (Microsoft 365, Google Workspace): attack surface, account takeover patterns, MFA hardening and detection requirements.
Mapping a real Italian intrusion onto the MITRE ATT&CK framework: phases, techniques, telemetry sources and lessons for SOC detection-engineering.