home.social

#cyberoperations — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cyberoperations, aggregated by home.social.

  1. TrustConnect = RAT disguised as RMM.
    Discovered by Proofpoint.
    Technical observations:
    • Centralized multi-customer C2
    • API-driven agent registration (/api/agents/register)
    • WebSocket RDP streaming
    • EV certificate abuse (revoked Feb 6, 2026)
    • Branded payload generation per org token
    • Rapid infra pivot → “DocConnect” (SignalR integration)
    Subscription model: $300/month via BTC/USDT.
    Operators tracked victims across tenants.
    This is MaaS evolving toward operational maturity — automation, AI-assisted site generation, and SaaS-style lifecycle management.

    How should defenders adjust detection logic when malware is digitally signed and infrastructure rotates quickly?

    Source: proofpoint.com/us/blog/threat-

    Engage below.
    Follow TechNadu for technical threat intelligence coverage.

    #ThreatIntelligence #ReverseEngineering #MalwareResearch #RAT #MaaS #SOC #DFIR #CyberOperations #DetectionEngineering

  2. UNC3886 leveraged ORB infrastructure for stealthy telecom targeting.

    Per Cyber Security Agency of Singapore:
    • Zero-day firewall compromise
    • Rootkit persistence mechanisms
    • GOBRAT & TINYSHELL C2 nodes
    • ORB-tagged IP clustering in Singapore ASNs
    • NetFlow-confirmed router-to-ORB communications
    • Pre-positioned reconnaissance

    Attribution aligned with assessments from Mandiant linking activity to China-sponsored espionage.

    ORB networks blur the line between botnets and residential proxy ecosystems, increasing attribution friction and collateral risk.

    Defensive priorities:
    • Threat intel enrichment
    • Edge device patch enforcement
    • ASN anomaly detection
    • Zero-trust segmentation
    • IoT telemetry visibility

    How mature are ORB detection capabilities in your SOC?

    Engage below.

    Source: cyberpress.org/orb-networks-ma

    Follow @technadu for advanced threat analysis.

    #ThreatIntel #UNC3886 #ORBNetworks #IoTSecurity #ZeroDay #C2Infrastructure #NetFlow #TelecomSecurity #BlueTeam #ThreatHunting #APTActivity #CyberOperations #Infosec

  3. Threat actors continue to operationalize current-events lures as part of malware delivery chains.

    Recent research shows a backdoor deployed via attachments themed around breaking geopolitical news, using legitimate binaries and DLL sideloading techniques for persistence.

    No attribution assumptions - just a reminder that contextual relevance remains one of the most effective social engineering tools.

    What controls have you found most effective against news-driven phishing?

    Engage with us in the comments and follow @technadu for practical threat intelligence coverage.

    Source: darktrace.com/blog/maduro-arre

    #InfoSec #ThreatResearch #MalwareTTPs #PhishingDefense #CyberOperations #ThreatDetection #TechNadu

  4. Ubisoft’s Rainbow Six Siege disruption underscores the security complexity of large live-service platforms.

    User reports suggest unauthorized backend activity impacting bans, in-game currency, and marketplace functions. Ubisoft has paused services and initiated rollbacks while investigating.

    For InfoSec teams, this incident highlights the importance of access governance, monitoring of privileged systems, and clear incident communication - especially where digital economies are involved.

    Thoughts from practitioners are welcome.
    Follow @technadu for neutral, practitioner-focused cybersecurity coverage.

    Source: cyberinsider.com/rainbox-six-s

    #InfoSec #IncidentResponse #GameSecurity #PlatformRisk #AccessControl #CyberOperations

  5. CISA’s Pre-Ransomware Notification Initiative remains operational, but its long-term structure is under discussion following leadership changes.

    The program has demonstrated how early intelligence sharing - before encryption or extortion - can materially reduce ransomware impact across critical sectors.

    This development raises broader InfoSec questions around operational resilience, continuity of trust relationships, and how early-warning models can be scaled beyond key individuals.

    Thoughts from practitioners and researchers are welcome.

    Follow @technadu for neutral, practitioner-focused cybersecurity coverage.

    Source: cybersecuritydive.com/news/cis

    #InfoSec #RansomwareDefense #ThreatIntelligence #CISA #CyberOperations #SecurityStrategy #RiskReduction

  6. Tuesday, August 19, 2025

    Russia occupied less than 1% of Ukraine’s territory since November 2022, monitoring group says — Russian media shows US armored vehicle with Russian, American flags storming Ukrainian positions — Russian gasoline prices hit record highs after drone strikes shut refineries — Muscle beaches, drag racing, and drones falling into the sea. Summer in Odesa hasn’t stopped — In Ukraine, democracy finds its fiercest defenders … and more

    activitypub.writeworks.uk/2025