Glassworm botnet disrupted by takedown of resilient C2 infrastructure

In a major win for cybersecurity, researchers from CrowdStrike, Google, and The Shadowserver Foundation have successfully disrupted the Glassworm botnet by dismantling its complex command-and-control infrastructure. This takedown cuts off the lifelines of the threat actors, halting their campaigns that had been ongoing since…

https://osintsights.com/glassworm-botnet-disrupted-by-takedown-of-resilient-c2-infrastructure?utm_source=mastodon&utm_medium=social

#BotnetTakedown #Glassworm #C2Infrastructure #Blockchain #Peertopeer


Ukraine’s enforcement of verified-only Starlink terminals introduces a new model of satellite access control in conflict zones.

Operational implications reportedly include:
• Disruption of adversarial drone command-and-control
• Attempts at fraudulent terminal re-registration
• Social engineering targeting civilians
• Cyber exploitation of reconnection attempts
The incident demonstrates how:
– Commercial satellite services are high-value C2 infrastructure
– Identity verification becomes a strategic defense control
– Space-based connectivity is now an attack surface
From a security architecture standpoint, this is a case study in satellite access governance under active conflict conditions.

How should satellite providers balance neutrality, compliance, and operational control?

Source: https://therecord.media/starlink-restrictions-hit-russian-forces

Engage below.

Follow TechNadu for structured cybersecurity and threat intelligence reporting.

#Infosec #SatelliteSecurity #C2Infrastructure #CyberDefense #SpaceTech #ThreatIntelligence #DefenseCyber #SecurityArchitecture #HybridWarfare #TechNadu

UNC3886 leveraged ORB infrastructure for stealthy telecom targeting.

Per Cyber Security Agency of Singapore:
• Zero-day firewall compromise
• Rootkit persistence mechanisms
• GOBRAT & TINYSHELL C2 nodes
• ORB-tagged IP clustering in Singapore ASNs
• NetFlow-confirmed router-to-ORB communications
• Pre-positioned reconnaissance

Attribution aligned with assessments from Mandiant linking activity to China-sponsored espionage.

ORB networks blur the line between botnets and residential proxy ecosystems, increasing attribution friction and collateral risk.

Defensive priorities:
• Threat intel enrichment
• Edge device patch enforcement
• ASN anomaly detection
• Zero-trust segmentation
• IoT telemetry visibility

How mature are ORB detection capabilities in your SOC?

Engage below.

Source: https://cyberpress.org/orb-networks-masks-attacks/

Follow @technadu for advanced threat analysis.

#ThreatIntel #UNC3886 #ORBNetworks #IoTSecurity #ZeroDay #C2Infrastructure #NetFlow #TelecomSecurity #BlueTeam #ThreatHunting #APTActivity #CyberOperations #Infosec

The CANFAIL campaign demonstrates structured, LLM-assisted phishing operations attributed to a suspected Russian-linked actor.

Per Google Threat Intelligence Group:
• Sectoral targeting: defense, military, energy, aerospace
• Regionally tailored email list generation
• Google Drive-hosted RAR payload delivery
• Double-extension obfuscation (*.pdf.js)
• JavaScript loader → PowerShell execution
• Memory-only dropper
• Fake error decoy
• Links to PhantomCaptcha activity (via SentinelOne)

LLMs were used for reconnaissance, lure generation, and post-compromise operational guidance.

This signals operational AI integration into state-aligned cyber campaigns.

Are detection models prepared for LLM-generated phishing artifacts?

Engage below.

Follow TechNadu for deep technical analysis.

#ThreatIntel #CANFAIL #APTActivity #PhishingDetection #LLMThreats #PowerShellAbuse #UkraineCyber #C2Infrastructure #SOC #BlueTeam #CyberOperations #MalwareAnalysis #Infosec

Proofpoint reports TA584 activity using Tsundere Bot, a Node.js-based MaaS platform, to establish access that could enable ransomware deployment.

The malware supports system profiling, remote JavaScript execution, SOCKS proxying, and C2 resolution via Ethereum-based EtherHiding techniques. Campaign volume and geographic scope have increased notably.

What detection or control points matter most here?

Follow @technadu for objective infosec coverage.

#ThreatIntelligence #MalwareResearch #InitialAccess #EmailThreats #C2Infrastructure #Ransomware

me when i start pivoting between domains and ips and certificates.

#threatresearch #c2infrastructure #pivoting