#threatactor — Public Fediverse posts

How many critical services are tied to abominations like #reCAPTCHA and #SafetyNet API? #Banking, #Healthcare, #eCommerce, #PublicServices, #PublicTransport, #RideHailing and even #WeatherServices. What are the implications of every citizen having to seek permissions from a trillion-dollar MNC to access any of them?

Check out #PRISM to see who Google silently shares this data with. #Google is a serious #state_sponsored #ThreatActor against individuals & national #sovereignty.

[3/6]

Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?

I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.

I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:

I feel like I'm creating more dependency than knowledge.

#AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor

Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?

I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.

I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:

I feel like I'm creating more dependency than knowledge.

#AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor

Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?

I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.

I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:

I feel like I'm creating more dependency than knowledge.

#AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor

Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?

I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.

I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:

I feel like I'm creating more dependency than knowledge.

#AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor

Here are four of the ten looping Claude user quotes on anthropic.com homepage... Mind you, these are not dynamic, they chose these explicitly. Are they trying to represent user sentiment accurately or are they reading these very differently than I am?

I went there after watching this talk: "Nicholas Carlini - Black-hat LLMs", from one of their engineers. There's definitely good work by talented and conscientious people that's going on there.

I'm rewriting this post because I'm cynical of corporate motives but I also don't think that interpreting everything cynically is helpful. Even after the VC funding runs out (hopefully before we destroy the planet and society), these tools won't disappear especially for malicious actors. So if they're also building tooling to mitigate harm / defend against threat actors, do I dare to hope they're reading the quotes the same way I am? Or is it more of:

I feel like I'm creating more dependency than knowledge.

#AI #Anthropic #Claude #Blackhat #LLM #SoftwareSecurity #Cybersecurity #ThreatActor

Hey Fediverse, especially folks that working in infosec or cybersecurity field.

Several years ago, I remember that Microsoft added a new Threat Actor in their classification list for Britain based APT.

I tried to search again, but I didn't find anything anymore regarding this.

Anyone has any pointer?

#Fediverse
#Infosec
#Cybersecurity
#ThreatActor
#APT
#ThreatIntel

The Rise and Fall of SiegedSec - Flare

https://flare.io/learn/resources/blog/rise-and-fall-siegedsec

Short summary: https://hackerworkspace.com/article/the-rise-and-fall-of-siegedsec-flare

#threatactor #cybersecurity #threatintelligence

@kims The rest of the world already knows the U.S. can't be trusted. It’s the majority of Americans (not anyone engaged enough to be on the fediverse, of course) who are only just now starting to learn that the world views the U.S. this way.
#RogueState #ThreatActor #ChaosActor

https://mas.to/@fsinn/115851374547884777

⚠️ New threat actor on the radar ⚠️ 🥷🏻 AtomSilo Ransomware 🗓️ added on February 24 🥢 Overview AtomSilo was first observed in September 2021, historically attributed to the Chinese state-sponsored cluster known as BRONZE STARLIGHT. #ransomNews #cybersecurity #threatactor

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

• As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
• Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
• This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
• Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

• Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
• Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
• Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

1. Add an email detection rule for the exact string for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate.
2. Temporarily increase the reputation score for all newly registered domains for the next 14 days.
3. Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
4. If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

• Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
• CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
• Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
• Punchbowl Official Public Warning
• Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
• Proofpoint Threat Insight: Punchbowl Phishing Campaign
• MITRE ATT&CK T1566.001: Spearphishing Link
• Verizon DBIR 2025: Phishing Effectiveness

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

• As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
• Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
• This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
• Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

• Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
• Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
• Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

1. Add an email detection rule for the exact string for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate.
2. Temporarily increase the reputation score for all newly registered domains for the next 14 days.
3. Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
4. If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

• Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
• CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
• Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
• Punchbowl Official Public Warning
• Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
• Proofpoint Threat Insight: Punchbowl Phishing Campaign
• MITRE ATT&CK T1566.001: Spearphishing Link
• Verizon DBIR 2025: Phishing Effectiveness

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

• As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
• Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
• This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
• Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

• Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
• Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
• Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

1. Add an email detection rule for the exact string for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate.
2. Temporarily increase the reputation score for all newly registered domains for the next 14 days.
3. Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
4. If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

• Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
• CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
• Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
• Punchbowl Official Public Warning
• Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
• Proofpoint Threat Insight: Punchbowl Phishing Campaign
• MITRE ATT&CK T1566.001: Spearphishing Link
• Verizon DBIR 2025: Phishing Effectiveness

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

Check out my latest article, “Digital Defense Against the Dark Arts”
https://wfryer.substack.com/p/digital-defense-against-the-dark

Join me now in the "Zoom Room of Requirement" :-)

#MediaLit #MediaLiteracy #disinfo #HarryPotter #selfdefense #Russia #badactor #threatactor #edtechSR

How China’s “Walled Garden” is Redefining the Cyber Threat Landscape https://www.allforgardening.com/1585322/how-chinas-walled-garden-is-redefining-the-cyber-threat-landscape/ #apt #china #ChineseSpeakingThreatActors #garden #ThreatActor #webinar

He called himself an ‘untouchable hacker god’. But who was behind the biggest crime Finland has ever known? https://www.theguardian.com/technology/2026/jan/17/vastaamo-hack-finland-therapy-notes
#cybersecurity #datatheft #medical #psychiatrist #threatactor

Who Is Dark Storm? The Threat Actor European Security Teams Can’t Ignore https://thecyberexpress.com/dark-storm-threat-actor-profile/ #CybleCyberThreatIntelligencePlatform #CyberThreatIntelligencePlatform #governmentagenciesinEurope #proRussianhacktivistgroup #hacktivistalliances #cyberadversaries #TheCyberExpress #FirewallDaily #ThreatActors #DDoSattacks #ThreatActor #CyberNews

Who Is Dark Storm? The Threat Actor European Security Teams Can’t Ignore https://thecyberexpress.com/dark-storm-threat-actor-profile/ #CybleCyberThreatIntelligencePlatform #CyberThreatIntelligencePlatform #governmentagenciesinEurope #proRussianhacktivistgroup #hacktivistalliances #cyberadversaries #TheCyberExpress #FirewallDaily #ThreatActors #DDoSattacks #ThreatActor #CyberNews

Who Is Dark Storm? The Threat Actor European Security Teams Can’t Ignore https://thecyberexpress.com/dark-storm-threat-actor-profile/ #CybleCyberThreatIntelligencePlatform #CyberThreatIntelligencePlatform #governmentagenciesinEurope #proRussianhacktivistgroup #hacktivistalliances #cyberadversaries #TheCyberExpress #FirewallDaily #ThreatActors #DDoSattacks #ThreatActor #CyberNews

Who Is Dark Storm? The Threat Actor European Security Teams Can’t Ignore https://thecyberexpress.com/dark-storm-threat-actor-profile/ #CybleCyberThreatIntelligencePlatform #CyberThreatIntelligencePlatform #governmentagenciesinEurope #proRussianhacktivistgroup #hacktivistalliances #cyberadversaries #TheCyberExpress #FirewallDaily #ThreatActors #DDoSattacks #ThreatActor #CyberNews

Albanese Physical Therapy Data Breach Exposes Patient Records https://dailydarkweb.net/albanese-physical-therapy-data-breach-exposes-patient-records/ #AlbanesePhysicalTherapy #CyberSecurity #DataBreaches #Pennsylvania #UnitedStates #threatactor #databreach #Healthcare #datasale #PHI #PII

Figment POS Data Breach Results in Stolen Source Code https://dailydarkweb.net/figment-pos-data-breach-results-in-stolen-source-code/ #sourcecodeleak #CyberSecurity #DataBreaches #PointofSale #threatactor #databreach #FigmentPOS #CloudPOS #Jordan #POS

ShinyHunters Site Message Changes After Arrest Reports https://dailydarkweb.net/shinyhunters-site-message-changes-after-arrest-reports/ #websitedefacement #scatteredspider #lawenforcement #CyberSecurity #CyberAttacks #ShinyHunters #threatactor #infosec #SLSH

Threat Actor Website ‘shinyhunte.rs’ Defaced in Apparent Feud https://dailydarkweb.net/threat-actor-website-shinyhunte-rs-defaced-in-apparent-feud/ #websitedefacement #scatteredspider #hackerconflict #CyberSecurity #CyberAttacks #ShinyHunters #threatactor #infosec

OMH SCIENCE Group Targeted in Network Access Breach https://dailydarkweb.net/omh-science-group-targeted-in-network-access-breach/ #UnauthorizedAccesses #IndustrialMachinery #OMHSCIENCEGroup #CyberSecurity #networkaccess #cyber-attack #threatactor #databreach #China

Kanał ZERO Data Breach Exposes User and Financial Data https://dailydarkweb.net/kanal-zero-data-breach-exposes-user-and-financial-data/ #CyberSecurity #financialdata #DataBreaches #threatactor #databreach #KanałZERO #dataleak #Poland #media

Beamtin: Ich kann Sie nicht allein im Büro lassen. Sie könnten ja Akten klauen. Mein Chef ist da sehr dahinter.

Ich: Also wenn ich hier Akten klauen wollte, dann über das Internet.

Beamtin: Ja, so wie unsere IT aussieht, wäre das der bessere Weg

Ich: ....?!

#Degitalisierung #Datenschutzbubble #threatactor #Deutschlandsymbolbild #bmds

Pakistani ISP Skyfi Network Allegedly Breached – Full System Access Sold Online https://dailydarkweb.net/pakistani-isp-skyfi-network-allegedly-breached-full-system-access-sold-online/ #networksecurity #DataBreaches #SkyfiNetwork #cyberattack #threatactor #databreach #Pakistan #webshell #ISP

Pakistani ISP Skyfi Network Allegedly Breached – Full System Access Sold Online https://dailydarkweb.net/pakistani-isp-skyfi-network-allegedly-breached-full-system-access-sold-online/ #networksecurity #DataBreaches #SkyfiNetwork #cyberattack #threatactor #databreach #Pakistan #webshell #ISP

Pakistani ISP Skyfi Network Allegedly Breached – Full System Access Sold Online https://dailydarkweb.net/pakistani-isp-skyfi-network-allegedly-breached-full-system-access-sold-online/ #networksecurity #DataBreaches #SkyfiNetwork #cyberattack #threatactor #databreach #Pakistan #webshell #ISP

Pakistani ISP Skyfi Network Allegedly Breached – Full System Access Sold Online https://dailydarkweb.net/pakistani-isp-skyfi-network-allegedly-breached-full-system-access-sold-online/ #networksecurity #DataBreaches #SkyfiNetwork #cyberattack #threatactor #databreach #Pakistan #webshell #ISP

Stone Panda (APT 10) continues global espionage campaigns tied to China’s MSS.
🎯 Targets: healthcare, defense, academia
🛠️ Tools: Mimikatz, BloodHound, Impacket
🌍 Active in the U.S., UK, Japan, India & more
Espionage vs disruption — which do you see as their long-term mission?
Follow @technadu for continuous APT tracking.

#StonePanda #APT10 #CyberEspionage #ChinaAPT #ThreatActor #Cyble

Threat Actor Allegedly Sells Administrative Access to Crypto Exchange for $5,000 https://dailydarkweb.net/threat-actor-allegedly-sells-administrative-access-to-crypto-exchange-for-5000/ #UnauthorizedAccesses #cryptocurrency #CyberSecurity #exchangehack #threatactor #cybercrime #databreach #API

Ghana Postal Service Allegedly Breached – Database and System Access for Sale https://dailydarkweb.net/ghana-postal-service-allegedly-breached-database-and-system-access-for-sale/ #UnauthorizedAccesses #GhanaPostalService #CyberSecurity #databaseleak #threatactor #databreach #webshell #Ghana

Ghana Postal Service Allegedly Breached – Database and System Access for Sale https://dailydarkweb.net/ghana-postal-service-allegedly-breached-database-and-system-access-for-sale/ #UnauthorizedAccesses #GhanaPostalService #CyberSecurity #databaseleak #threatactor #databreach #webshell #Ghana

Ghana Postal Service Allegedly Breached – Database and System Access for Sale https://dailydarkweb.net/ghana-postal-service-allegedly-breached-database-and-system-access-for-sale/ #UnauthorizedAccesses #GhanaPostalService #CyberSecurity #databaseleak #threatactor #databreach #webshell #Ghana

Ghana Postal Service Allegedly Breached – Database and System Access for Sale https://dailydarkweb.net/ghana-postal-service-allegedly-breached-database-and-system-access-for-sale/ #UnauthorizedAccesses #GhanaPostalService #CyberSecurity #databaseleak #threatactor #databreach #webshell #Ghana

Kirkpatrick Partners LLC Allegedly Suffers Data Breach – Exposing Information of 36,556 Users https://dailydarkweb.net/kirkpatrick-partners-llc-allegedly-suffers-data-breach-exposing-information-of-36556-users/ #KirkpatrickPartners #CyberSecurity #DataBreaches #threatactor #databreach #dataleak #userdata

The Hidden Front: Iran, Cyber Warfare, and the Looming Threat to U.S. Critical Infrastructure – Source: www.cyberdefensemagazine.com https://ciso2ciso.com/the-hidden-front-iran-cyber-warfare-and-the-looming-threat-to-u-s-critical-infrastructure-source-www-cyberdefensemagazine-com/ #rssfeedpostgeneratorecho #criticalinfrastructure #cyberdefensemagazine #cyberdefensemagazine #CyberSecurityNews #nationalsecurity #digitalwarfare #Cybersecurity #Cyberattack #threatactor #binarycode #powergrid #hacker

Global Organizations Targeted in Alleged Access Sale https://dailydarkweb.net/global-organizations-targeted-in-alleged-access-sale/ #UnauthorizedAccesses #CyberSecurity #networkaccess #PulseSecure #threatactor #databreach #government #darkweb #CISCO #RDP #VPN

Alleged Sale of Network Access to Saudi Construction Firm https://dailydarkweb.net/alleged-sale-of-network-access-to-saudi-construction-firm/ #UnauthorizedAccesses #CyberSecurity #Construction #cyberattack #SaudiArabia #threatactor #databreach #RDPaccess

Spanish Government Network Access Allegedly Compromised https://dailydarkweb.net/spanish-government-network-access-allegedly-compromised/ #UnauthorizedAccesses #networksecurity #CyberSecurity #threatactor #databreach #government #Alleged #España #Spain #RDP

Telegram Is Cooperating With Authorities, For Now - This is good news for the benign side of the cyber world. What we in the #DDoS mitigation industry observe are Telegram channels for e.g. #marketplaces for #DDoSforhire services or #threatactor coordination.

Seeing that #Telegram seizes to be the safe haven for shady, or straight up illegal activities that are a burden to the #Internet at large is really good news.

Hey #CyberSecurity pros! 👋 Ready to dive into the latest threats and breaches making headlines?

Our latest blog post is packed with need-to-know info to keep you ahead of the curve.

🗞️ https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/

Here's a quick rundown of what's inside:

🕵️‍♂️ FamousSparrow's Return: The Chinese government-backed hacking group is back, targeting organizations in North America. Important distinction: ESET insists on tracking them separately from Salt Typhoon. Remember to prioritize TTPs and IOCs/IOAs accordingly!

🗄️ RedCurl's Ransomware Twist: This corporate espionage group is now deploying "QWCrypt" ransomware, targeting Hyper-V servers. Phishing emails with malicious IMG attachments are the initial attack vector.

😬 StreamElements Data Breach: A third-party service provider suffered a breach, exposing data of 210,000 customers.!

🏛️ NSW Court System Data Theft: Sensitive documents, including AVOs, were stolen from the NSW Online Registry website. This could have serious consequences for victims of domestic violence.

👨‍🎓 NYU Website Defacement: A hacker compromised NYU's website, leaking personal data of over 1 million students. Even with good intentions, the collateral damage is unacceptable.

💰 Defense Contractor Fined: MORSE Corp will pay millions for failing to meet federal cybersecurity requirements. Third-party risk management is crucial!

🤖 Atlantis AIO Automates Credential Stuffing: This new platform automates credential stuffing attacks against 140 online services. Stay vigilant against brute force attacks!

🚨 Chrome Zero-Day Exploited: Google patched a zero-day vulnerability exploited in espionage campaigns targeting Russian organizations. Keep your browsers updated!

👦 UK Warns of 'Com Networks': The UK's NCA is warning of a growing threat from online networks of teenage boys who are "dedicated to inflicting harm and committing a range of criminality." A very worrying trend that we need to be aware of.

Ready for the full scoop? Read the full blog post here 👉 https://opalsec.io/daily-news-update-thursday-march-27-2025-australia-melbourne/

#Cybersecurity #InfoSec #DataBreach #Ransomware #ThreatIntelligence #DataPrivacy #ZeroDay #FamousSparrow #RedCurl #StreamElements #NSWCourts #NYU #MORSECorp #AtlantisAIO #Chrome #ComNetworks #SecurityNews #CybersecurityThreats #InfoSecurity #CyberAttack #DataSecurity #PrivacyMatters #Vulnerability #Cybercrime #ThreatActor #ESET #SaltTyphoon #NIST #ZeroTrust #SaltTyphoon #CriticalInfrastructure

Russia, Ukraine, China, and More: The Nations at the Center of the Cybercrime Epidemic https://cyble.com/blog/top-countries-facing-cybercrime-threats/ #ThreatIntelligence #UnitedStated #ThreatActor #cyberattack #cybercrime #ransomware #Cybernews

Hackers may have leaked the #SocialSecurity Numbers (#SSN) of every #American
A dump of 2.7 billion records includes names, aliases and known physical addresses.
The data, which is unencrypted, is believed to have been obtained from a #databroker called #NationalPublicData.
On August 6th, a #threatactor known as "#Fenice" leaked the most complete version of the stolen National Public Data data for free on the #Breached hacking forum.
https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/

We just released a landscape review of Registered DGAs. We review the many ways threat actors are leveraging these algorithms -- including malware, phishing, scams, porns, you name it. Our RDGA detectors find tens of thousands of domains every day, and we've seen the use continue to rise over the last several years. Most folks aren't even aware since actors are doing this in DNS and it often isn't obvious. #dns #threatintel #cybersecurity #cybercrime #infoblox #RDGA #DGA #DDGA #malware #phishing #scams #infoblox #infobloxthreatintel #cybersecurity #threatactor #c2 #revolverrabbit #threatintelligence #cyber #cyberintelligence #xloader #formbook #abusedtld https://insights.infoblox.com/resources-research-report/infoblox-research-report-registered-dgas-the-prolific-new-menace-no-one-is-talking-about

"🔍 Unveiling Sandman APT: The Silent Menace Targeting Global Telcos 🎯"

SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, utilizing the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user info exfiltration, paving the way for precision attacks. The intriguing part? The attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm, urging for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.

Source: SentinelOne Labs

Tags: #SandmanAPT #LuaDream #TelecomSecurity #CyberEspionage #ThreatActor #CyberSecurity #LuaJIT #SentinelLabs #APT 🌐🔐🎯

Indicators of Compromise (IoCs):

• Domains: mode.encagil[.]com, ssl.explorecell[.]com
• File Paths: %ProgramData%\FaxConfig, %ProgramData%\FaxLib
• SHA1:
  • fax.dat: 1cd0a3dd6354a3d4a29226f5580f8a51ec3837d4
  • fax.Application: 27894955aaf082a606337ebe29d263263be52154
  • ualapi.dll: 5302c39764922f17e4bc14f589fa45408f8a5089
  • fax.cache: 77e00e3067f23df10196412f231e80cec41c5253
  • UpdateCheck.dll: b9ea189e2420a29978e4dc73d8d2fd801f6a0db2
  • updater.ver: fb1c6a23e8e0693194a365619b388b09155c2183
  • fax.module: ff2802cdbc40d2ef3585357b7e6947d42b875884

Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.

Researchers from #SentinelOne & #Permiso is warning that a notorious #threatactor known as #TeamTNT is running a "sophisticated cloud-credential steaming and cryptomining campaign" targeting Amazon Web Services is now targeting Microsoft Azure and Google Cloud Platform.

#infosec #cybersecurity #cloudsecurity #AWS #GCP #Azure

https://www.darkreading.com/cloud/aws-cloud-credential-stealing-campaign-spreads-azure-google

Researchers from #SentinelOne & #Permiso is warning that a notorious #threatactor known as #TeamTNT is running a "sophisticated cloud-credential steaming and cryptomining campaign" targeting Amazon Web Services is now targeting Microsoft Azure and Google Cloud Platform.

#infosec #cybersecurity #cloudsecurity #AWS #GCP #Azure

https://www.darkreading.com/cloud/aws-cloud-credential-stealing-campaign-spreads-azure-google