Blog · research & analysis
TrickBot is a banking-trojan malware that steals the login credentials of targeted banking sites using webinjects. Since June 2018 TrickBot features lateral movement capabilities in order to propagate itself from an infected client to a vulnerable domain controller. TrickBot Screenshots TrickBot Indicators Of Compromise (IOCs)
Cryptomining as a post-compromise objective: indicators on Linux and Windows endpoints, persistence techniques, network signals and containment workflow.
Russia-Ukraine cyber conflict: spillover operations on Italian organisations, attribution signals, defacement and DDoS waves, intelligence-driven defence priorities.
Among the cyber attacks recorded daily, there are some of more sophisticated nature. They are called Advanced Persistent Threats (APTs). These threats, among which some are state-sponsored, appear to be part of a Cyber Warfare scenario. Yet, they are as real as they can get and target specific information, such as company know-how, personal information or bank transactions. A team of analysts with appropriate … Read more
APT28 (Fancy Bear) timing operations around NATO events: spearphishing lures, fake credential portals, payload delivery patterns and attribution signals.
Italian IoT devices conscripted into botnets and used as launch pads for cyber attacks: device profiles, exposure metrics and remediation considerations.
Ursnif (Gozi/ISFB) banking trojan: persistence mechanisms, web-injection capabilities, command-and-control patterns and remediation steps for infected hosts.
Ursnif campaigns aimed at Italian organisations: phishing lures in Italian, payload delivery patterns and C2 hosting trends observed across multiple waves.
Insights from FortPot honeynet sensors: scanning waves, exploitation attempts on exposed services, automated brute-force trends and ASN-level intelligence.
