🌍 World Monitor, real-time OSINT in free access

A single map for tracking weak signals, geopolitical flows and critical infrastructure.

Clear, fast and actionable cyber threat monitoring.

--> https://www.zataz.com/world-monitor-losint-temps-reel-en-acces-libre/

#OSINT #CyberThreatIntel #ThreatIntelligence #Cyberveille #Geopolitique #Renseignement #OpenSourceIntelligence #Cartographie #VeilleStrategique #zataz @Damien_Bancal

The Rhysida ransomware group claims it breached the Cheyenne and Arapaho Tribes, demanding 10 BTC after disrupting education and administrative systems.

Governor Reggie Wassana confirmed refusal to negotiate.

Rhysida has a history of targeting public-sector networks, including state and municipal infrastructure.

Technical considerations:
• Initial access vector? Phishing vs exposed RDP?
• Backup segmentation and immutability
• Insurance-driven IR workflows
• Data exfiltration + double extortion tactics
• Public-sector attack surface mapping
Should smaller governments move toward managed detection and response (MDR) as a baseline requirement?

Source: https://therecord.media/cheyenne-arapaho-ransomware-rhysida

Share your technical insights below.

Follow @technadu for advanced ransomware intelligence.

#Ransomware #ThreatHunting #IncidentResponse #PublicSectorSecurity #CyberResilience #BlueTeam #Infosec #GovTech #DigitalForensics #CyberThreatIntel #DataProtection #SOC #ZeroTrust

According to Dragos, Volt Typhoon continues active operations inside U.S. utilities, shifting toward direct OT interaction and sensor data theft in 2025.

Notable elements:
• Pre-positioning in ICS environments
• Exploitation of Ivanti & Trimble Cityworks vulnerabilities
• GIS data harvesting for infrastructure mapping
• Access broker activity attributed to SYLVANITE
• Long-term persistence objectives
CEO Rob Lee stated some compromised sites may never be identified.

Technical question:
If adversaries maintain low-and-slow OT access, how should defenders adapt detection engineering?
– Network baselining?
– Sensor telemetry validation?
– Asset-level anomaly detection?
– Zero trust for OT?

Drop your technical analysis below.
Follow @technadu for advanced threat coverage.

#ICSsecurity #OTsecurity #ThreatHunting #DetectionEngineering #VoltTyphoon #InfrastructureDefense #CyberResilience #EnergyGrid #WaterUtilities #NationalSecurity #BlueTeam #CyberThreatIntel
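The post asks how detection engineering should adapt to low-and-slow OT access, and lists network baselining as one option. The following is an added example, not from the post or from Dragos, of the simplest form of that idea: learn which peer pairs normally talk on which service during a window believed to be clean, then flag any never-seen conversation (a new host reaching a PLC) and any known conversation whose volume jumps far above its learned mean (a bulk read of sensor or GIS data). All IP addresses, ports and byte counts below are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
import statistics


@dataclass(frozen=True)
class Flow:
    """One summarised network conversation (constructed NetFlow-style record)."""
    ts: str         # ISO timestamp, informational only
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    proto: str      # transport protocol
    bytes_out: int  # bytes sent from src to dst in this flow


def conversation(f: Flow):
    """Key that identifies a peer pair: who talks to whom, on which service."""
    return (f.src, f.dst, f.dport, f.proto)


def build_baseline(flows):
    """Learn the set of known conversations and per-conversation byte statistics
    from a training window believed to be clean."""
    volumes = defaultdict(list)
    for f in flows:
        volumes[conversation(f)].append(f.bytes_out)
    baseline = {}
    for key, vals in volumes.items():
        mean = statistics.fmean(vals)
        stdev = statistics.pstdev(vals) if len(vals) > 1 else 0.0
        baseline[key] = (mean, stdev)
    return baseline


def evaluate(flows, baseline, sigma=3.0, min_ratio=5.0):
    """Flag conversations never seen in the baseline (new peer pair) and known
    conversations whose volume is far above their learned mean (bulk read)."""
    alerts = []
    for f in flows:
        key = conversation(f)
        if key not in baseline:
            alerts.append(("NEW_CONVERSATION", f))
            continue
        mean, stdev = baseline[key]
        # Floor the threshold at min_ratio * mean so a very regular poll
        # (stdev close to 0) does not alert on trivial jitter.
        threshold = max(mean + sigma * stdev, mean * min_ratio)
        if f.bytes_out > threshold:
            alerts.append(("VOLUME_ANOMALY", f))
    return alerts


# Constructed training window: a historian (10.10.1.5) and an HMI (10.10.1.7)
# polling a PLC (10.10.2.20) over Modbus/TCP.
TRAINING_FLOWS = [
    Flow("2025-06-01T00:00:00Z", "10.10.1.5", "10.10.2.20", 502, "tcp", 1200),
    Flow("2025-06-01T00:05:00Z", "10.10.1.5", "10.10.2.20", 502, "tcp", 1180),
    Flow("2025-06-01T00:10:00Z", "10.10.1.5", "10.10.2.20", 502, "tcp", 1220),
    Flow("2025-06-01T00:15:00Z", "10.10.1.5", "10.10.2.20", 502, "tcp", 1210),
    Flow("2025-06-01T00:20:00Z", "10.10.1.5", "10.10.2.20", 502, "tcp", 1190),
    Flow("2025-06-01T00:00:00Z", "10.10.1.7", "10.10.2.20", 502, "tcp", 800),
    Flow("2025-06-01T00:10:00Z", "10.10.1.7", "10.10.2.20", 502, "tcp", 820),
]

# Constructed evaluation window: one normal poll, one bulk read from the
# historian, and a never-before-seen host talking Modbus to a second PLC.
EVAL_FLOWS = [
    Flow("2025-06-02T00:00:00Z", "10.10.1.5", "10.10.2.20", 502, "tcp", 1205),
    Flow("2025-06-02T00:05:00Z", "10.10.1.5", "10.10.2.20", 502, "tcp", 90000),
    Flow("2025-06-02T00:06:00Z", "10.10.1.9", "10.10.2.21", 502, "tcp", 1500),
]


def run_demo():
    """Build the baseline from the training window and evaluate the second one."""
    return evaluate(EVAL_FLOWS, build_baseline(TRAINING_FLOWS))


if __name__ == "__main__":
    for kind, f in run_demo():
        print(f"{kind}: {f.src} -> {f.dst}:{f.dport}/{f.proto} bytes={f.bytes_out}")
```

The two rules are deliberately complementary: a new conversation catches the pre-positioning phase regardless of volume, while the volume rule catches data theft over an already-trusted path. In a real deployment the training window needs to be validated as clean first, which is exactly what Rob Lee's remark about unidentified compromised sites makes difficult.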

⚠️ Smishing alert for Greek citizens. 💳 🚨

Scammers are pushing fake AADE (Independent Authority for Public Revenue) “unpaid taxes” SMS that lead to cloned payment pages designed to steal credit‑card info. If a text suddenly demands urgent payment, treat it like a pop‑up from nowhere—don’t click, don’t trust, don’t pay. Share to protect others.

mycargr[.]com
aadcar[.]com
aadgee[.]com
aadgre[.]com

#CyberThreatIntel #Infoblox #DNS #ThreatResearch #phishing #smishing #Cybercrime #AADE #Greece
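The four domains above are shared defanged (`[.]`) so that they cannot be clicked by accident. As an added example, not part of the Infoblox post, here is the routine a defender runs on such a list: refang the indicators, keep them as a blocklist, and scan DNS resolver logs for queries to those domains or any subdomain of them. The DNS log lines and client addresses are constructed; the log format is an assumption, not any particular resolver's output.

```python
import re

# Common defanging conventions seen in threat intel sharing
DEFANG_RULES = [("[.]", "."), ("(.)", "."), ("[:]", ":"), ("hxxp", "http"), ("hXXp", "http")]


def refang(indicator):
    """Turn a defanged indicator back into a real domain/URL, normalised."""
    s = indicator.strip()
    for bad, good in DEFANG_RULES:
        s = s.replace(bad, good)
    return s.lower().rstrip(".")


def defang(indicator):
    """Make an indicator safe to paste into a report or chat."""
    return indicator.replace(".", "[.]").replace("http", "hxxp")


def load_blocklist(text):
    """One indicator per line; '#' lines are comments."""
    return {refang(line) for line in text.splitlines()
            if line.strip() and not line.startswith("#")}


def matches_blocklist(qname, blocklist):
    """Return the blocklisted domain that qname equals or sits under, else None.
    The leading dot in endswith() prevents 'notaadcar.com' matching 'aadcar.com'."""
    q = qname.lower().rstrip(".")
    for d in blocklist:
        if q == d or q.endswith("." + d):
            return d
    return None


# Assumed resolver log layout: "... client=<ip> query=<name> ..."
DNS_LOG_RE = re.compile(r"client=(\S+)\s+query=(\S+)")


def scan_dns_log(lines, blocklist):
    """Yield (client, queried name, matched indicator) for every hit."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.search(line)
        if not m:
            continue
        client, qname = m.groups()
        d = matches_blocklist(qname, blocklist)
        if d:
            hits.append((client, qname, d))
    return hits


# Indicators exactly as shared in the post (defanged)
BLOCKLIST_TEXT = """
# AADE smishing landing pages
mycargr[.]com
aadcar[.]com
aadgee[.]com
aadgre[.]com
"""

# Constructed resolver log: one subdomain hit, one exact hit, two non-matches
SAMPLE_DNS_LOG = [
    "2025-09-02T08:14:03Z client=192.0.2.45 query=pay.aadgre.com. type=A",
    "2025-09-02T08:14:09Z client=192.0.2.12 query=www.example.org type=A",
    "2025-09-02T08:15:41Z client=192.0.2.77 query=aadcar.com type=A",
    "2025-09-02T08:16:02Z client=192.0.2.90 query=notaadcar.com type=A",
]


def run_demo():
    return scan_dns_log(SAMPLE_DNS_LOG, load_blocklist(BLOCKLIST_TEXT))


if __name__ == "__main__":
    for client, qname, ioc in run_demo():
        print(f"{client} resolved {qname} (matches {defang(ioc)})")
```

Suffix matching with the leading dot matters: campaigns like this one host the cloned payment page on a subdomain of the registered domain, so an exact-match blocklist misses the actual landing page, while a naive `endswith` without the dot produces false positives on unrelated domains that merely end in the same string.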

Over the past 30 days, our community shared 27,165 new #IOCs on ThreatFox 🦊 — an 18% increase from the previous month.

👏 Huge shoutout to 'juroots', our top contributor with 2,746 IOCs submitted.
💀 The most-shared malware family (or in this case framework)? Clearfake, with 2,817 IOCs reported.

Find the full breakdown here: 👉 https://threatfox.abuse.ch/statistics/

#ThreatFox #CommunityPower #SharingIsCaring #CyberThreatIntel

When your "privacy browser" comes with a built-in surveillance suite, it's probably not about privacy. Our latest research, in collaboration with UNODC, exposes Vault Viper. You might recognize them as "Baoying Group". They are running one of Asia's largest iGaming networks, BBIN, servicing scam centres and cyber-enabled fraud networks across the region.

At the center is the Universe Browser, promoted as a "privacy" and "anti-censorship" tool for illegal online gambling. In reality, it's a high-risk surveillance and exploitation platform designed to bypass detections, proxy access, and maintain persistent access across what we estimate to be millions of devices.

DNS analysis from Infoblox reveals tens of thousands of domains tied to Vault Viper's vast infrastructure, exposing a unique DNS fingerprint and operational control over their own corner of the internet.

But the story does not end here: BBIN is linked to dozens of commercial ventures - they even had their own airline!

👉 Read the full report here: https://blogs.infoblox.com/threat-intelligence/vault-viper-high-stakes-hidden-threats/

👉 We spoke to Wired to explain how cybercrime evolved: https://www.wired.com/story/universe-browser-malware-gambling-networks/

#CyberThreatIntel #Infoblox #DNS #VaultViper #riskware #Cybercrime #SoutheastAsia #threatintel #threatintelligence #cybersecurity #infosec #infobloxthreatintel #scam #tds #shazhupan #pigbutchering #malware

Vault Viper: DNS, Malware, and iGaming Infrastructure

Vault Viper is a threat actor leveraging DNS infrastructure and a custom browser for illegal gambling and organized crime across Southeast Asia.

Infoblox Blog

⚠️ LunoBotnet: A modular Linux botnet with cryptomining + DDoS-for-hire.
✔️ Self-healing watchdogs
✔️ System binary replacement
✔️ Targets Roblox, Minecraft, Valve
✔️ Markets services via Telegram
Experts call it a criminal infrastructure platform for long-term monetization.

💬 How do you rate the detection difficulty here? Follow @technadu for analysis.

#Cyble #LunoBotnet #LinuxMalware #Cryptojacking #DDoS #Botnet #SelfHealing #Malware #CyberThreatIntel

@darfplatypus #CyberThreatIntel requirements gathering is a real emotional roller coaster. Sympathy with the customer, agreeing it would be great knowing the answers to those questions, knowing they cannot be answered with science / known algorithms / one universe worth of energy ... 🙇🏻‍♀️🤦🏻‍♀️

A major leak has revealed the operations behind North Korea’s state-linked IT workforce.

Slack logs and spreadsheets show how coders apply for remote gigs worldwide, sending back an estimated $600M/year to fund a heavily sanctioned regime.

#NorthKorea #CyberThreatIntel #Infostealers #sanctionsevasion #APT

🚨 Search for software, end up getting ransomware!

The DFIR Report has observed SEO-driven #Bumblebee malware campaigns occurring over the month of July. This initial access led to full domain compromise, data exfiltration, and deployment of Akira Ransomware.

🧅 Attack Chain

Search for IT software in search engine > Click SEO hijacking domain > Download Trojaned installer MSI > Installer executes Bumblebee Malware

🛠️ Other Tools Dropped

AdaptixC2 - Command and Control

Netscan - Discovery

🔍 Additional Discovery

Windows Utilities - systeminfo, nltest, whoami, net

⚙️ Persistence & Privilege Escalation

Created domain user accounts and added to "Enterprise Administrators"

⬆️ Exfiltration

SFTP via Filezilla

💀 Impact

Akira Ransomware

📖 Full Report:

https://thedfirreport.com/2025/08/05/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira/

#DFIR #ThreatIntel #ThreatHunting #IncidentResponse #DigitalForensics #CyberThreatIntel #CyberSecurity #BlueTeam
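Two steps of the chain above leave very ordinary Windows Security events behind: the discovery phase (systeminfo, nltest, whoami, net launched in quick succession) and the persistence step (a domain account created, then added to a highly privileged group; the built-in group is named "Enterprise Admins"). The following is an added example, not code from The DFIR Report, of two correlation rules run over such events: a burst of distinct discovery tools on one host within five minutes, and an account creation (event 4720) followed within an hour by membership in a sensitive group (event 4728). The log lines are constructed; their key=value layout is an assumption, and MemberName is simplified to the account name whereas real 4728 events carry the member's distinguished name.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# key=value pairs; a value may be double-quoted when it contains spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Built-in Windows groups whose membership changes deserve an alert
SENSITIVE_GROUPS = {"enterprise admins", "domain admins", "administrators", "schema admins"}

# Living-off-the-land discovery binaries named in the report
DISCOVERY_TOOLS = {"systeminfo.exe", "nltest.exe", "whoami.exe", "net.exe", "net1.exe"}

DISCOVERY_WINDOW = timedelta(minutes=5)
DISCOVERY_MIN_TOOLS = 3
GROUP_ADD_WINDOW = timedelta(hours=1)


def parse_line(line):
    """'<iso timestamp> k=v k="v with spaces" ...' -> dict with a datetime 'ts'."""
    ts_str, rest = line.split(" ", 1)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
    return fields


def detect(lines):
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    alerts = []

    # Rule 1: >= DISCOVERY_MIN_TOOLS distinct discovery binaries on one host
    # inside a sliding DISCOVERY_WINDOW (4688 = process creation). Alert once per host.
    per_host = defaultdict(list)
    alerted_hosts = set()
    for e in events:
        if e.get("EventID") != "4688":
            continue
        exe = e.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
        if exe not in DISCOVERY_TOOLS:
            continue
        host = e["host"]
        window = per_host[host]
        window.append((e["ts"], exe))
        window[:] = [(t, x) for t, x in window if e["ts"] - t <= DISCOVERY_WINDOW]
        tools = {x for _, x in window}
        if len(tools) >= DISCOVERY_MIN_TOOLS and host not in alerted_hosts:
            alerted_hosts.add(host)
            alerts.append({"rule": "discovery_burst", "host": host,
                           "tools": sorted(tools), "ts": e["ts"]})

    # Rule 2: account created (4720) then added to a sensitive group (4728).
    # In 4728 the group name is carried in TargetUserName.
    created = {}
    for e in events:
        if e.get("EventID") == "4720":
            created[e["TargetUserName"].lower()] = e["ts"]
        elif e.get("EventID") == "4728":
            member = e.get("MemberName", "").lower()
            group = e.get("TargetUserName", "").lower()
            if (group in SENSITIVE_GROUPS and member in created
                    and e["ts"] - created[member] <= GROUP_ADD_WINDOW):
                alerts.append({"rule": "privileged_account_creation", "user": member,
                               "group": group, "by": e.get("SubjectUserName"), "ts": e["ts"]})
    return alerts


# Constructed sample log: a discovery burst on WS-042, a new account promoted to
# Enterprise Admins on DC01, plus benign noise that must not alert.
SAMPLE_LOG = r"""
2025-07-15T10:00:05Z host=WS-042 EventID=4688 SubjectUserName=jdoe NewProcessName=C:\Windows\System32\whoami.exe
2025-07-15T10:00:09Z host=WS-042 EventID=4688 SubjectUserName=jdoe NewProcessName=C:\Windows\System32\nltest.exe
2025-07-15T10:00:14Z host=WS-042 EventID=4688 SubjectUserName=jdoe NewProcessName=C:\Windows\System32\net.exe
2025-07-15T10:00:21Z host=WS-042 EventID=4688 SubjectUserName=jdoe NewProcessName=C:\Windows\System32\systeminfo.exe
2025-07-15T10:31:40Z host=DC01 EventID=4720 SubjectUserName=jdoe TargetUserName=svc_sync
2025-07-15T10:32:02Z host=DC01 EventID=4728 SubjectUserName=jdoe MemberName=svc_sync TargetUserName="Enterprise Admins"
2025-07-15T11:15:00Z host=WS-017 EventID=4688 SubjectUserName=asmith NewProcessName=C:\Windows\System32\notepad.exe
2025-07-15T11:20:00Z host=DC01 EventID=4720 SubjectUserName=hr_admin TargetUserName=newhire01
"""


def run_demo():
    return detect(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for a in run_demo():
        print(a)
```

The second rule is the higher-fidelity one: a freshly created account landing in Enterprise Admins within minutes has almost no legitimate explanation, whereas a discovery burst also fires on administrators troubleshooting a box, so it is better treated as a hunting lead that raises the priority of whatever else that host does next.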