Mapping a cyber attack — the Italian case
Mapping a real Italian intrusion onto the MITRE ATT&CK framework: phases, techniques, telemetry sources and lessons for SOC detection-engineering.
Field account of a ransomware incident response engagement: initial scoping, eradication, recovery decisions and lessons learned about preparation gaps.
Cryptomining as a post-compromise objective: indicators on Linux and Windows endpoints, persistence techniques, network signals and containment workflow.
Russia-Ukraine cyber conflict: spillover operations on Italian organisations, attribution signals, defacement and DDoS waves, intelligence-driven defence priorities.
Among the cyber attacks recorded daily, some are of a more sophisticated nature. They are called Advanced Persistent Threats (APTs). These threats, some of which are state-sponsored, appear to be part of a Cyber Warfare scenario. Yet they are as real as they can get, and they target specific information such as company know-how, personal information or bank transactions. A team of analysts with appropriate …
APT28 (Fancy Bear) timing operations around NATO events: spearphishing lures, fake credential portals, payload delivery patterns and attribution signals.
Ursnif campaigns aimed at Italian organisations: phishing lures in Italian, payload delivery patterns and C2 hosting trends observed across multiple waves.