Protected: DarkSide — Infrastructure analysis
There is no excerpt because this is a protected post.
Blog · research & analysis
Agent Tesla campaign of 20 May 2021: spearphishing templates, dropper chain, exfiltration channels and host-level indicators for endpoint detection.
In April 2021, an unidentified Gold Southfield operator carried out a ransomware attack against a European company. Initial access was obtained by Gold Cabin, an access broker, which deployed IcedID (Bokbot), a Remote Access Tool (RAT). Once inside the company, the access broker handed the access over to the main operator, who deployed the REvil ransomware. This threat actor …
Initial access brokers offering compromised hypervisors (VMware ESXi, Hyper-V) on underground markets: pricing trends, victim profiles and downstream ransomware risk.
DarkSide ransomware in the Colonial Pipeline incident: initial access hypotheses, fuel supply disruption on the US East Coast, ransom payment and operational impact.
REvil ransomware Linux build: ESXi/Linux server encryption capability, deployment patterns observed and detection considerations for hybrid environments.
Country-level snapshot of Microsoft Exchange compromise across Italian organisations: exposure metrics, exploitation observed and remediation status.
Cyber Threat Intelligence applied to attacks on Italian organisations: actor mapping, sectoral targeting trends and operational priorities for defenders.