Looking for early reviewers on chapters 2 + 3 of my BSc thesis (Pterodo network architecture + WinRAR exploit chain).

Project notes live at github.com/palianytsia-200/U-OB-KY. Draft PDFs available — DM here on Mastodon or email [email protected]. Happy to trade reviews (your DFIR / detection-engineering writeup for mine).

Especially looking for anyone with hands-on Gamaredon incident-response experience. The thesis is methodology-heavy but I want feedback from people who've actually had to triage this stuff in a real SOC.

#Pterodo #ThreatIntel #DFIR #UkraineCyber

The CANFAIL campaign demonstrates structured, LLM-assisted phishing operations attributed to a suspected Russian-linked actor.

Per Google Threat Intelligence Group:
• Sectoral targeting: defense, military, energy, aerospace
• Regionally tailored email list generation
• Google Drive-hosted RAR payload delivery
• Double-extension obfuscation (*.pdf.js)
• JavaScript loader → PowerShell execution
• Memory-only dropper
• Fake error decoy
• Links to PhantomCaptcha activity (via SentinelOne)

LLMs were used for reconnaissance, lure generation, and post-compromise operational guidance.

This signals operational AI integration into state-aligned cyber campaigns.

Are detection models prepared for LLM-generated phishing artifacts?

Engage below.
Follow TechNadu for deep technical analysis.

#ThreatIntel #CANFAIL #APTActivity #PhishingDetection #LLMThreats #PowerShellAbuse #UkraineCyber #C2Infrastructure #SOC #BlueTeam #CyberOperations #MalwareAnalysis #Infosec