Operational Brief:
Threat cluster: Diesel Vortex
Attribution indicators: Russian domain infrastructure, Armenian-language operator comms

Discovery: Exposed .git repository
Primary impact:
• 1,600+ compromised credentials
• Freight diversion & double-brokering
• Structured phishing-as-a-service (“MC Profit Always”)
Investigated by Have I Been Squatted, Ctrl-Alt-Int3l.
Infrastructure disruption supported by Google Threat Intelligence Group, Cloudflare, GitLab, Ping Identity.

Detection priorities:
– Credential stuffing monitoring
– Load board anomaly detection
– Broker identity validation
– Git exposure scanning

Source: https://therecord.media/phishing-operation-russia-armenia-targeting-us-european-cargo

Follow for tactical threat briefings.
Share detection insights below.

#Infosec #ThreatIntel #PhishingInfrastructure #CargoFraud #SupplyChainSecurity #CredentialAbuse #FraudOps #CyberCrime #BlueTeam #SOC #DigitalForensics

☢️ Attackers are using stolen AWS credentials to run large-scale cryptomining — cloud abuse turns leaked keys into real money fast. Secure identities, monitor spend. ☁️💰 #CloudSecurity #CredentialAbuse

https://www.darkreading.com/cloud-security/attackers-use-stolen-aws-credentials-cryptomining

Fortinet’s mid-year IR report reaffirms a key truth: most financially driven breaches don’t rely on malware - they rely on valid logins.
Credential theft, VPN abuse, and remote access tool misuse dominate 2025’s incident landscape.
The takeaway: shift from malware-centric defenses to identity-based monitoring and MFA enforcement.
💬 How do you see this trend shaping SOC priorities for next year?
Follow @technadu for independent, non-sensational cyber intelligence.

#CyberSecurity #Fortinet #IncidentResponse #CredentialAbuse #InfoSec #ThreatIntel #SOC #IdentitySecurity #EDR #MFA #CyberAwareness #DigitalResilience

DeepSec 2025 Talk: Man-In-The-Service: Truly OpSec Safe Relay Techniques – Tobia Righi

Recently, due to EDRs, it has become harder and harder to abuse credential access by dumping LSASS after compromising a Windows server and gaining local administrator on it. So, many red-teamers, pentesters

https://blog.deepsec.net/deepsec-2025-talk-man-in-the-service-truly-opsec-safe-relay-techniques-tobia-righi/

#Conference #CredentialAbuse #DeepSec2025 #ManInTheServiceAttack #RelayBox #Talk


At DeepSec 2025 Tobi Righi will show novel ways to introduce relays between Microsoft® Windows services and attackers.

Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs - Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial ... more: https://threatpost.com/akamai-on-credential-stuffing-attacks/153654/?utm_source=rss&utm_medium=rss&utm_campaign=akamai-on-credential-stuffing-attacks #credentialstuffing #financialservices #bankcyberattack #credentialabuse #sqlinjection #websecurity #ddosattack #apiattack #videos #hacks #api

Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.
