Fortgale Blog » threat

March 25, 2026 ·Emerging Threats

TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks

TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks TeamPCP is an emerging cybercriminal collective that became active in late 2025, distinguishing itself through a specialized focus on massive attacks against cloud-native infrastructures. Unlike traditional Advanced Persistent Threat (APT) groups that often prioritize deep persistence on specific endpoints, TeamPCP utilizes high-level automation to scale … Read more

Read the analysis

July 19, 2021 ·Emerging Threats

China APT: LuminousMoth

LuminousMoth: China-aligned APT operations against Southeast Asian government and telecom targets, USB-based propagation, custom backdoors and infrastructure overlaps.

Read the analysis

June 30, 2021 ·Emerging Threats

New Phishing techniques and how to identify them

Emerging phishing techniques 2021: HTML smuggling, browser-in-the-browser tricks, MFA-fatigue prompts and the detection signals defenders can rely on.

Read the analysis

June 21, 2021 ·Emerging Threats

BackdoorDiplomacy — threat against Ministries of Foreign Affairs

BackdoorDiplomacy APT activity against diplomatic missions and telecom operators: tooling, infrastructure overlap with known Chinese clusters and victim profiles.

Read the analysis

June 21, 2021 ·Emerging Threats

LokiBot campaign — update of 21 June 2021

LokiBot campaign of 21 June 2021: lure templates, dropper chain, exfiltration channels and IOC indicators across the latest waves.

Read the analysis

May 30, 2021 ·Emerging Threats

Protected: AnyDesk Malvertising — malware for system access

There is no excerpt because this is a protected post.

Read the analysis

May 19, 2021 ·Featured

REvil Ransomware Operator: A time zone analysis

In April 2021, an unidentified Gold Southfield operator carried out a Ransomware attack against a European company. The initial access is performed by Gold Cabin, an access broker, that deploys IceID (Bokbot), a Remote Access Tool (RAT) malware[link]. Once inside the company, the access broker passes privileges to the main operator who deploys the REvil ransomware. This threat actor … Read more

Read the analysis

December 2, 2020 ·Emerging Threats

Mapping a cyber attack — the Italian case

Mapping a real Italian intrusion onto the MITRE ATT&CK framework: phases, techniques, telemetry sources and lessons for SOC detection-engineering.

Read the analysis

November 24, 2020 ·Emerging Threats

50 000 companies compromised, 700 Italian organisations among them

Mass compromise impacting 50 000 organisations globally with 700 Italian entities affected: scope, exploitation chain and defensive priorities.

Read the analysis

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie & Privacy