Operational Brief:
Threat cluster: Diesel Vortex
Attribution indicators: Russian domain infrastructure, Armenian-language operator comms

Discovery: Exposed .git repository
Primary impact:
• 1,600+ compromised credentials
• Freight diversion & double-brokering
• Structured phishing-as-a-service (“MC Profit Always”)
Investigated by Have I Been Squatted, Ctrl-Alt-Int3l.
Infrastructure disruption supported by Google Threat Intelligence Group, Cloudflare, GitLab, Ping Identity.

Detection priorities:
– Credential stuffing monitoring
– Load board anomaly detection
– Broker identity validation
– Git exposure scanning
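
Two of the detection priorities above (Git exposure scanning and credential stuffing monitoring) as runnable checks. This is an added example written for this brief, not code from the researchers or vendors named in it; the hosts, log format, and thresholds are assumptions chosen for illustration.

```python
"""Added example (not from the brief or the investigators it cites).

1. Exposed-.git check: request /.git/HEAD and test whether the body is a
   plausible git HEAD file (symbolic ref or raw commit id). Status code
   alone is not enough: servers that answer 200 with an HTML page for any
   path (soft 404s) would otherwise be reported as hits.
2. Credential-stuffing heuristic over auth logs: one source IP trying many
   *distinct* usernames with mostly failures inside a short window. The
   thresholds and the log format are assumptions for this example.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime
from typing import Callable, Iterable

# --- 1. exposed .git detection -------------------------------------------
HEAD_SYMREF = re.compile(r"^ref: refs/[\w./-]+\n?$")
HEAD_DETACHED = re.compile(r"^[0-9a-f]{40}([0-9a-f]{24})?\n?$")  # sha1 or sha256 id


def looks_like_git_head(body: str) -> bool:
    """True if the body is a plausible .git/HEAD (symbolic ref or commit id)."""
    return bool(HEAD_SYMREF.match(body) or HEAD_DETACHED.match(body))


def git_exposed(base_url: str, fetch: Callable[[str], tuple[int, str]]) -> bool:
    """fetch(url) -> (status, body). Injected so the check runs offline here;
    in production wrap requests/urllib with a timeout and no redirects."""
    status, body = fetch(base_url.rstrip("/") + "/.git/HEAD")
    return status == 200 and looks_like_git_head(body)


# Constructed responses standing in for live hosts (assumed, not real data).
FAKE_HOSTS = {
    "https://exposed.example/.git/HEAD": (200, "ref: refs/heads/main\n"),
    "https://soft404.example/.git/HEAD": (200, "<html><body>Not found</body></html>"),
    "https://locked.example/.git/HEAD": (403, "Forbidden"),
}


def fake_fetch(url: str) -> tuple[int, str]:
    return FAKE_HOSTS.get(url, (404, ""))


# --- 2. credential stuffing heuristic ------------------------------------
# Assumed log line shape: "<iso-ts> ip=<ip> user=<user> result=ok|fail"
LOG_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<res>ok|fail)$")


def stuffing_sources(lines: Iterable[str], min_users: int = 5,
                     min_fail_ratio: float = 0.8, window_s: int = 300) -> list[str]:
    """Return source IPs that tried >= min_users distinct accounts within
    window_s seconds with a failure ratio >= min_fail_ratio. A burst of
    failures against ONE account is password guessing, not stuffing, and
    is deliberately not flagged here."""
    by_ip: dict[str, list[tuple[float, str, bool]]] = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, never counted either way
        ts = datetime.fromisoformat(m["ts"]).timestamp()
        by_ip[m["ip"]].append((ts, m["user"], m["res"] == "fail"))

    flagged = []
    for ip, events in by_ip.items():
        events.sort()
        j = 0
        for i in range(len(events)):            # sliding window over sorted events
            while j < len(events) and events[j][0] - events[i][0] <= window_s:
                j += 1
            win = events[i:j]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, f in win if f)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                flagged.append(ip)
                break                             # one qualifying window is enough
    return flagged


# Constructed sample log (assumed data, not from the investigation).
SAMPLE_LOG = """\
2024-05-01T10:00:01 ip=203.0.113.7 user=alice@acme-freight.example result=fail
2024-05-01T10:00:03 ip=203.0.113.7 user=bob@acme-freight.example result=fail
2024-05-01T10:00:04 ip=203.0.113.7 user=carol@acme-freight.example result=fail
2024-05-01T10:00:06 ip=203.0.113.7 user=dave@acme-freight.example result=fail
2024-05-01T10:00:07 ip=203.0.113.7 user=erin@acme-freight.example result=ok
2024-05-01T10:00:09 ip=203.0.113.7 user=frank@acme-freight.example result=fail
2024-05-01T10:01:00 ip=198.51.100.5 user=alice@acme-freight.example result=fail
2024-05-01T10:01:30 ip=198.51.100.5 user=alice@acme-freight.example result=fail
2024-05-01T10:02:00 ip=198.51.100.5 user=alice@acme-freight.example result=ok
2024-05-01T10:03:00 ip=192.0.2.44 user=grace@acme-freight.example result=ok
""".splitlines()

if __name__ == "__main__":
    for host in ("https://exposed.example", "https://soft404.example", "https://locked.example"):
        print(host, "exposed .git:", git_exposed(host, fake_fetch))
    print("stuffing sources:", stuffing_sources(SAMPLE_LOG))
```

The `result=ok` inside the flagged burst is the event to triage first: it is the credential that actually worked, which is what feeds the load board and broker impersonation downstream. The single-account failures from 198.51.100.5 are left to a separate brute-force rule.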

Source: https://therecord.media/phishing-operation-russia-armenia-targeting-us-european-cargo

Follow for tactical threat briefings.
Share detection insights below.

#Infosec #ThreatIntel #PhishingInfrastructure #CargoFraud #SupplyChainSecurity #CredentialAbuse #FraudOps #CyberCrime #BlueTeam #SOC #DigitalForensics