Ursnif Malware — Italian Tax Agency lure
Ursnif campaign abusing the Italian Tax Agency (Agenzia delle Entrate) brand as social-engineering lure: Italian-language phishing templates and host indicators.
Tag
incident response
Read the analysis
Handling the Microsoft Exchange Server cyber attack — why it can be worse than WannaCry
Mass exploitation of ProxyLogon (CVE-2021-26855/26857/26858/27065) on Microsoft Exchange Server: web shell hunting, two distinct intrusion sets observed in Italy, defensive guidance and post-compromise containment.
Under Ransomware attack — the story of an incident response
Field account of a ransomware incident response engagement: initial scoping, eradication, recovery decisions and lessons learned about preparation gaps.
Compromise and Mining — Detection & Response
Cryptomining as a post-compromise objective: indicators on Linux and Windows endpoints, persistence techniques, network signals and containment workflow.
