US Military Weighs Standalone Cyber Force by 2028

The US military is considering a game-changing move: creating a standalone Cyber Force by 2028, but its success hinges on a crucial decision from Congress or the White House this year. A recent report outlines a bold plan to overcome longstanding structural challenges in cyber operations and make this vision a reality.

https://osintsights.com/us-military-weighs-standalone-cyber-force-by-2028?utm_source=mastodon&utm_medium=social

#UsMilitary #CyberForce #NationalSecurity #EmergingThreats #CyberOperations

Learn how the US military plans to establish a standalone Cyber Force by 2028 and discover the proposed multi-phase force-generation model to drive cyber operations success - read now.

OSINTSights

Pentagon Integrates Cyber into Operations, Prioritizes AI Security

The Pentagon is revolutionizing its approach to cyber operations, shifting away from treating it as a separate entity and instead weaving it into every military operation from the ground up. By doing so, the Defense Department aims to harness the full power of information on the battlefield, with AI security at the…

https://osintsights.com/pentagon-integrates-cyber-into-operations-prioritizes-ai-security?utm_source=mastodon&utm_medium=social

#CyberOperations #ArtificialIntelligence #AiSecurity #CyberPolicy #NationalSecurity

Learn how the Pentagon integrates cyber into operations, prioritizing AI security and weaving cyber effects into every plan from the outset; read more now.

OSINTSights

Dutch Authorities Disrupt Russian Cyber Operations, Seize 800 Servers

In a major blow to Russian cybercrime, Dutch authorities seized over 800 servers and arrested two individuals in a daring raid that cracked down on illicit online operations. The suspects, a 57-year-old Amsterdam resident and a 39-year-old from The Hague, were charged with violating sanctions law by aiding EU-sanctioned entities.

https://osintsights.com/dutch-authorities-disrupt-russian-cyber-operations-seize-800-servers?utm_source=mastodon&utm_medium=social

#Russia #CyberOperations #SupplyChain #Sanctions #LawEnforcement

Dutch authorities seize 800 servers in cyber crackdown on Russian operations, arrest two. Learn how they're disrupting cybercrime now and take action.

OSINTSights

Beyond alert fatigue, European SOCs are struggling with prioritization, visibility, and talent gaps - the challenge isn’t just volume, it’s making sense of the noise. 🎯⚠️ #SOC #CyberOperations

https://securityboulevard.com/2026/03/beyond-alert-fatigue-what-european-socs-actually-struggle-with/

Beyond Alert Fatigue: What European SOCs Actually Struggle With

Results from a survey of SOC professionals from the region on the state of AI in SecOps in Europe

Security Boulevard

DDoS targeting sovereign digital infrastructure.
Roskomnadzor and the Russian Defense Ministry reported a large, multi-vector distributed denial-of-service campaign impacting regulator and telecom monitoring systems.

Technical considerations:
• Multi-source botnet traffic
• Cross-border server origination
• Targeted state-level digital infrastructure
• Temporary availability disruption
No attribution confirmed. No public claim of responsibility.

For security architects:
- Are traditional volumetric defenses sufficient against complex multi-vector campaigns?
- How should national agencies design redundancy against sustained L3/L7 hybrid floods?
- What role does geopolitical signaling play in non-destructive cyber operations?

Engage below.
Follow TechNadu for threat intelligence, DDoS analysis, and cyber operations reporting.
Repost to elevate discussion in the security community.

#Infosec #DDoSDefense #ThreatIntel #NetworkSecurity #CyberOperations #GeopoliticalRisk #DigitalInfrastructure #SecurityEngineering #CyberResilience #BotnetActivity #GlobalThreats

TrustConnect = RAT disguised as RMM.
Discovered by Proofpoint.
Technical observations:
• Centralized multi-customer C2
• API-driven agent registration (/api/agents/register)
• WebSocket RDP streaming
• EV certificate abuse (revoked Feb 6, 2026)
• Branded payload generation per org token
• Rapid infra pivot → “DocConnect” (SignalR integration)
Subscription model: $300/month via BTC/USDT.
Operators tracked victims across tenants.
This is MaaS evolving toward operational maturity — automation, AI-assisted site generation, and SaaS-style lifecycle management.

How should defenders adjust detection logic when malware is digitally signed and infrastructure rotates quickly?

Source: https://www.proofpoint.com/us/blog/threat-insight/dont-trustconnect-its-a-rat

Engage below.
Follow TechNadu for technical threat intelligence coverage.

#ThreatIntelligence #ReverseEngineering #MalwareResearch #RAT #MaaS #SOC #DFIR #CyberOperations #DetectionEngineering

Initial Access Broker “inthematrixl” pleads guilty after breaching Oregon’s emergency management network and monetizing administrative credentials for BTC.

Key TTP indicators:
• Credential harvesting and resale
• Proof-of-access via screenshots
• Targeting municipal infrastructure
• Cross-border operational footprint
He also compromised 10 additional U.S. entities, causing $250K+ in losses. Sentencing pending (up to 7 years).

Meanwhile, ransomware actors continue targeting healthcare, including the University of Mississippi Medical Center, triggering system-wide shutdowns.

Are we doing enough to disrupt IAB marketplaces upstream?
Drop your analysis below.

Source: https://therecord.media/romanian-hacker-faces-7-years-oregon-breach

Follow @technadu for technical threat reporting and case dissections.

Engage, share insights, and join the discussion.

#Infosec #ThreatIntelligence #IAB #Ransomware #SOC #BlueTeam #CyberThreats #DFIR #OSINT #CyberOperations

Operation Red Card 2.0, led by INTERPOL, disrupted multi-country cybercrime syndicates operating phishing, investment fraud, and mobile money scam infrastructure.

Key enforcement outcomes:
• 651 suspects arrested
• 2,341 devices seized
• 1,442 malicious domains/servers dismantled
• $4.3M recovered
• $45M+ in linked financial losses

This highlights operational maturity in cross-border cyber enforcement - particularly around infrastructure seizure and coordinated intelligence sharing.

From a defensive standpoint:
How can SOC teams better detect early-stage fraud campaigns originating from emerging regions?

Source: https://www.bleepingcomputer.com/news/security/police-arrests-651-suspects-in-african-cybercrime-crackdown/

Comment your technical perspective.
Follow Technadu for threat intelligence reporting and enforcement analysis.

#Infosec #ThreatIntel #Cybercrime #FraudInfrastructure #PhishingCampaigns #SOC #BlueTeam #CyberOperations #LawEnforcementTech #CyberDefense #DigitalForensics

DNS-based staging via ClickFix represents tactical evolution.

Per Microsoft:
• Cmd.exe → nslookup execution
• Hardcoded external DNS resolver
• Payload embedded in DNS Name: response
• ZIP retrieval from azwsappdev[.]com
• Python-based reconnaissance
• VBScript persistence via Startup LNK
• ModeloRAT deployment
• Lumma Stealer distribution via CastleLoader (GrayBravo)

Campaign telemetry also discussed by Bitdefender and Kaspersky.

DNS offers:
• Reduced dependency on HTTP
• Traffic blending with legitimate queries
• Lightweight validation signaling

Detection priorities:
• Anomalous nslookup patterns
• External DNS resolver usage
• Suspicious Startup LNK creation
• DNS response content inspection

Is your EDR correlating DNS queries with process lineage?
Engage below.
Follow @technadu for advanced threat analysis.

#ThreatIntel #ClickFix #DNSStaging #ModeloRAT #LummaStealer #CastleLoader #DetectionEngineering #BlueTeam #SOC #Infosec #CyberOperations #MalwareAnalysis
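The detection priorities listed in this post (cmd.exe spawning nslookup, an explicit external resolver on the command line, Startup-folder LNK creation, and DNS queries tied back to the originating process) can be expressed as a small correlation over endpoint telemetry. The following is an added example, not Microsoft's or TechNadu's code: it runs over a constructed, Sysmon-style event stream; the event field names, the sanctioned-resolver set `CORPORATE_RESOLVERS`, and every IP, domain and path in `SAMPLE_EVENTS` are placeholders, not indicators from the campaign.

```python
"""Correlate nslookup process lineage with DNS queries and Startup LNK writes.

Added illustration (not Microsoft's or TechNadu's code). Events are a
constructed, Sysmon-like stream; the resolver IP, domain and paths are
placeholders, not indicators from the campaign.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: the organisation's sanctioned internal resolvers.
CORPORATE_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
# Per-user or all-users Startup folder followed by a .lnk file name.
STARTUP_LNK_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.IGNORECASE)
# Script hosts and shells that should not normally be dropping Startup shortcuts.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "python.exe", "powershell.exe", "cmd.exe", "mshta.exe"}


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def resolver_from_cmdline(cmdline: str) -> str | None:
    """Return the explicit server argument of an nslookup command line, if any.

    nslookup's non-interactive form is ``nslookup [-opt ...] host [server]``;
    when two positional arguments remain after stripping options, the second
    is the resolver the caller chose instead of the system-configured one.
    """
    positional = [t for t in cmdline.split()[1:] if not t.startswith("-")]
    return positional[1] if len(positional) >= 2 else None


def analyze(events: list[dict]) -> list[Finding]:
    """Apply the lineage, resolver and Startup-LNK rules to an event list."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    findings: list[Finding] = []
    for e in events:
        if e["type"] == "process_create" and basename(e["image"]) == "nslookup.exe":
            parent = procs.get(e["ppid"])
            parent_name = basename(parent["image"]) if parent else "unknown"
            resolver = resolver_from_cmdline(e["cmdline"])
            external = resolver is not None and resolver not in CORPORATE_RESOLVERS
            # cmd.exe -> nslookup.exe lineage or an unsanctioned resolver alone is
            # worth a look; both together is the shape described in the post.
            if parent_name == "cmd.exe" or external:
                # Attach the DNS queries issued by this very process (pid join).
                queries = [q["query"] for q in events
                           if q["type"] == "dns_query" and q["pid"] == e["pid"]]
                findings.append(Finding(
                    "nslookup_lineage", e["pid"],
                    f"parent={parent_name} resolver={resolver} external={external} queries={queries}"))
        elif (e["type"] == "file_create" and STARTUP_LNK_RE.search(e["target"])
              and basename(e["image"]) in SCRIPT_HOSTS):
            findings.append(Finding("startup_lnk", e["pid"], e["target"]))
    return findings


# Constructed telemetry: one suspicious chain, one benign admin lookup, one LNK drop.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 400, "ppid": 100, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"type": "process_create", "pid": 500, "ppid": 400, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c nslookup -type=txt stage.example.invalid 203.0.113.53"},
    {"type": "process_create", "pid": 510, "ppid": 500, "image": r"C:\Windows\System32\nslookup.exe",
     "cmdline": "nslookup -type=txt stage.example.invalid 203.0.113.53"},
    {"type": "dns_query", "pid": 510, "query": "stage.example.invalid"},
    {"type": "process_create", "pid": 600, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe"},
    {"type": "process_create", "pid": 610, "ppid": 600, "image": r"C:\Windows\System32\nslookup.exe",
     "cmdline": "nslookup intranet.corp.example"},
    {"type": "dns_query", "pid": 610, "query": "intranet.corp.example"},
    {"type": "file_create", "pid": 700, "image": r"C:\Windows\System32\wscript.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"type": "file_create", "pid": 400, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\Desktop\notes.txt"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The benign lookup (pid 610) is left alone because its parent is not cmd.exe and it uses the system resolver; the suspicious chain is reported with the domain it queried, which is the process-to-DNS join the closing question asks about. In production the pid join would be done in the SIEM over real Sysmon event IDs 1, 11 and 22 rather than in memory.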

UNC3886 leveraged ORB infrastructure for stealthy telecom targeting.

Per Cyber Security Agency of Singapore:
• Zero-day firewall compromise
• Rootkit persistence mechanisms
• GOBRAT & TINYSHELL C2 nodes
• ORB-tagged IP clustering in Singapore ASNs
• NetFlow-confirmed router-to-ORB communications
• Pre-positioned reconnaissance

Attribution aligned with assessments from Mandiant linking activity to China-sponsored espionage.

ORB networks blur the line between botnets and residential proxy ecosystems, increasing attribution friction and collateral risk.

Defensive priorities:
• Threat intel enrichment
• Edge device patch enforcement
• ASN anomaly detection
• Zero-trust segmentation
• IoT telemetry visibility

How mature are ORB detection capabilities in your SOC?

Engage below.

Source: https://cyberpress.org/orb-networks-masks-attacks/

Follow @technadu for advanced threat analysis.

#ThreatIntel #UNC3886 #ORBNetworks #IoTSecurity #ZeroDay #C2Infrastructure #NetFlow #TelecomSecurity #BlueTeam #ThreatHunting #APTActivity #CyberOperations #Infosec
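The "NetFlow-confirmed router-to-ORB communications", "ASN anomaly detection" and "threat intel enrichment" points in this post combine naturally into one flow-analysis pass. The following is an added example, not CSA's or Mandiant's tooling: it works over constructed NetFlow-style records, a constructed prefix-to-ASN table, an assumed baseline of ASNs an edge router's control plane normally reaches (`BASELINE_ASNS`), an assumed router address set (`ROUTER_IPS`) and a constructed ORB-tagged intel set (`ORB_TAGGED`); all addresses are documentation ranges, not indicators from the advisory.

```python
"""Flag edge-router flows toward unfamiliar ASNs and intel-tagged ORB nodes.

Added illustration, not CSA's or Mandiant's tooling. Flow records, the
prefix-to-ASN table, the baseline and the ORB-tagged set are all constructed;
the addresses are documentation ranges, not indicators from the advisory.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes: int


@dataclass
class Finding:
    rule: str
    router: str
    detail: str


# Constructed prefix -> ASN table (a deployment would use a BGP or RIR feed).
ASN_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): 64496,     # vendor update/telemetry ASN
    ipaddress.ip_network("198.51.100.0/24"): 64497,  # unfamiliar ASN
    ipaddress.ip_network("203.0.113.0/24"): 64498,   # unfamiliar ASN
}
# Assumption: ASNs the router's own control plane is expected to reach.
BASELINE_ASNS = {64496}
# Assumption: management addresses of the monitored edge routers.
ROUTER_IPS = {"10.10.0.1"}
# Constructed threat-intel enrichment: addresses tagged as ORB relay nodes.
ORB_TAGGED = {"203.0.113.77"}
# Distinct peers inside one unfamiliar ASN before we call it a cluster.
CLUSTER_THRESHOLD = 3


def asn_of(ip: str) -> int | None:
    """Longest-prefix-free lookup for the toy table (prefixes do not overlap)."""
    addr = ipaddress.ip_address(ip)
    for net, asn in ASN_TABLE.items():
        if addr in net:
            return asn
    return None


def analyze_flows(flows: list[Flow], router_ips: set[str]) -> list[Finding]:
    """Report router-originated flows to ORB-tagged IPs, new ASNs and ASN clusters."""
    findings: list[Finding] = []
    peers_per_asn: dict[tuple[str, int], set[str]] = defaultdict(set)
    for f in flows:
        if f.src not in router_ips:
            continue  # transit traffic; only the router's own sessions matter here
        if f.dst in ORB_TAGGED:
            findings.append(Finding("orb_intel_match", f.src, f"{f.dst}:{f.dport}"))
        asn = asn_of(f.dst)
        if asn is None or asn in BASELINE_ASNS:
            continue  # unknown prefixes are skipped in this toy; baseline ASNs are expected
        peers_per_asn[(f.src, asn)].add(f.dst)
        findings.append(Finding("new_asn", f.src, f"{f.dst}:{f.dport} AS{asn} {f.bytes}B"))
    # Several distinct peers in one unfamiliar ASN is the clustering the advisory describes.
    for (router, asn), peers in peers_per_asn.items():
        if len(peers) >= CLUSTER_THRESHOLD:
            findings.append(Finding("asn_cluster", router, f"AS{asn} {len(peers)} peers"))
    return findings


# Constructed flows: one baseline session, one stray ASN, a three-peer cluster
# containing an intel-tagged node, and a client flow that must be ignored.
SAMPLE_FLOWS = [
    Flow("10.10.0.1", "192.0.2.10", 443, 1200),
    Flow("10.10.0.1", "198.51.100.5", 443, 800),
    Flow("10.10.0.1", "203.0.113.77", 22, 9400),
    Flow("10.10.0.1", "203.0.113.78", 22, 5100),
    Flow("10.10.0.1", "203.0.113.79", 8443, 2200),
    Flow("10.10.0.50", "203.0.113.77", 443, 600),
]

if __name__ == "__main__":
    for finding in analyze_flows(SAMPLE_FLOWS, ROUTER_IPS):
        print(finding)
```

Restricting the rules to flows whose source is the router itself is what makes this a control-plane check rather than a generic egress filter: a client talking to the same prefix is ordinary traffic, while the router opening sessions to a handful of hosts in an ASN it has never used before matches the pre-positioning pattern the advisory reports.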