Christina Lekati

@ChristinaLekati@infosec.exchange
#SocialEngineering, #Psychology, & #OSINT intertwined for the sake of security. Exec Board Member @osintcurious

In January, I wrote about a vast China-based cloud CDN called Funnull that catered to cybercriminals in China and Russia seeking to route their traffic through US-based Cloud providers, particularly Microsoft and Amazon.

https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-with-the-cloud/

I did not expect this, or so quickly, but it looks like Treasury just sanctioned Funnull, calling it a major scam distributor.

https://home.treasury.gov/news/press-releases/sb0149

January's story was based on research by Silent Push, which found a large number of domains hosted via Funnull promoting gambling sites that bear the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean Lazarus Group.

In 2023, Suncity’s CEO was sentenced to 18 years in prison on charges of fraud, illegal gambling, and “triad offenses,” i.e. working with Chinese transnational organized crime syndicates. Suncity is alleged to have built an underground banking system that laundered billions of dollars for criminals.

The rise of Agentic AI has opened new frontiers for adversaries looking to automate and scale social engineering attacks. We are entering a phase where Agentic AI systems will be able to act autonomously, make decisions, adapt based on feedback, and complete goal-oriented operations with minimal human intervention.

I wrote an article explaining what Agentic AI really is, and how it can shape the future of social engineering attacks. ⬇️

https://christina-lekati.medium.com/when-ai-goes-rogue-how-agentic-ai-will-reshape-social-engineering-attacks-b795838c1aaa

#AgenticAI #SocialEngineering #cybersecurity

When AI Goes Rogue: How Agentic AI Will Reshape Social Engineering Attacks

Cyber criminals are rarely late to the game when it comes to new technologies. In fact, they’re often among the first ones to experiment with emerging technologies. They do not have the limitations…

Surprise! Really excited to announce that the next "Social Engineering & Open-source Intelligence for Security Teams" open class will be happening at x33fcon in Gdynia, Poland!!

This is an intensive, 2-day training. We will cover:

🔹 Timeless Social Engineering Attack Scenarios: The tricks that keep working (and why).

🔹 The Psychology behind social engineering (we will go well beyond influence tactics!!)

🔹 Hybrid & advanced attack techniques that combine multiple attack verticals.

🔹 The use of AI in all phases of the social engineering kill-chain.

🔹 OSINT: How to conduct reconnaissance on a target (business / person) and what to look for.

🔹 Highly practical open-source intelligence (OSINT) tools & techniques that facilitate attack scenarios.

🔹 Blue Team Countermeasures: How to disrupt social engineering attacks & create a defense strategy.

...but there will also be some surprises 🤫 ✨ ✨

If you're attending #x33fcon this year I look forward to seeing you there!

Class Details & Registration: https://www.x33fcon.com/?fbclid=IwAR2B-2KwiZ3dJeKl-#!t/SE_OSINT.md

#SocialEngineering #OSINT #x33fcon #RedTeam #BlueTeam

If you are using HUMINT techniques in your cyber threat intelligence process, this is a talk worth watching!
Eliska and Julien do a very good job of breaking down some important concepts, including the risks, benefits and analytical aspects of using HUMINT tactics in a CTI workflow, and provide some of their own experiences in an easy-to-understand way.

As a side note, HUMINT in CTI is not meant to replace the technical analysis, but to complement it. It is meant to fill in some gaps with intel that cannot be found through a technical analysis or other passive intelligence collection disciplines. That may include a threat actor's motives, future targets, skill/group developments, future plans, etc.

Happy watching!

https://youtu.be/o1TTO5d1DXQ?si=ScY3uyG63ixNl2Zs

It's so overt it's covert: leveraging classic HUMINT tactics in CTI investigations

DeepSec 2024 Keynote – The Mind Bomb

DeepSec 2024 ended on 22 November 2024. We took a week off to post-process the event in terms of video material and dialogues. Usually only participants get first access to the video recordings, but because of the threat of disinformation from nation states, we published the keynote early and freely. Randahl Fink explained his take on manipulation of elections and entire

https://blog.deepsec.net/deepsec-2024-keynote-the-mind-bomb/

#Conference

DeepSec 2024 Keynote - The Mind Bomb

International Political Commentator Randahl Fink presents the latest frontier of the modern security war: attacking the minds of millions.

DeepSec In-Depth Security Conference

Sooo many reasons to love @deepsec and here is just another one: getting the green light from everyone in the organizing team to let my dog tag along this one time... She got lots of petting and was even treated to some leftover meatballs by the kitchen personnel at the venue. 🐶🍗

You can see her here wondering why she has to sit for a photo when we could be at the registration desk getting love and treats. 😋

How can Human Intelligence be leveraged in Cyber Threat Intelligence?
The Dark Overlord investigation is an interesting report (together with all the resources it includes), showcasing how HUMINT can help to better understand threat actor activities, and even infiltrate the inner circles of these groups and uncover their true identities.

Note that:
🔹 HUMINT is utilized in CTI to help collect information that is not readily available through the observed threat actor TTPs or OSINT. The goal is to collect intelligence through direct communication with threat actor accounts (and their affiliates) regarding future plans, targets, motives, etc. In this report, there was also an additional effort to collect information on the identities, activities, and aliases.

🔹 OSINT and SOCMINT monitoring was ongoing and supported the HUMINT collection efforts. This is a generally recommended practice.

🔹 I particularly like the reference to the communication and personality of the group members. The report notes that the communication style of TheDarkOverlord members is overall arrogant, impatient, and eager to demonstrate superiority - traits that ultimately lead them to their own demise. (Feeling untouchable can make one pretty careless when disclosing details, especially when this is paired with the need to demonstrate superiority.)

Overall, this report is worth a read.

#HUMINT #Socialengineering #OSINT #opensourceintelligence #threatintelligence #cti

https://nightlion.com/wp-content/uploads/2020/12/The-Dark-Overlord-Investigation-Report-Night-Lion_v1.01.pdf

"Well, I’m not really supposed to share this, but…"
Have you ever heard someone utter this phrase? There is a chance that they could be on the verge of revealing something sensitive—possibly without realizing the implications. And they could be brought to this point, intentionally.

Used in social engineering, intelligence gathering, and even corporate environments, elicitation is the art of extracting valuable or sensitive information during a seemingly regular conversation.

The techniques are usually subtle, non-threatening, easy to disguise, deniable, and effective.

My new article dives into:
🔹 What elicitation is and why it works.
🔹 The psychological tendencies that make us vulnerable.
🔹 3 highly effective elicitation techniques (plus a bonus one).

Understanding these techniques isn’t just about learning how they work; it’s also about recognizing when they’re being used against you. Whether you’re in security, law enforcement, negotiations, or simply someone who wants to protect sensitive information, this is a skill worth knowing about.

And before you go, think: have you ever witnessed (or been part of) a situation where someone unknowingly shared too much? How did it play out?

#Elicitation #SocialEngineering #HumanBehavior #InformationSecurity #Awareness #CyberSecurity

https://christina-lekati.medium.com/elicitation-techniques-74be36e212f8

ELICITATION TECHNIQUES - Christina Lekati - Medium

“Well, I’m not really supposed to share this, but…” Plentiful social engineering and HUMINT attempts that aim at information collection lead the subject to share a phrase like this (followed by…

The new year has come around, and we kick it off with 2 new live online classes from Digital Trails Academy!

🔹 On the 21st of January, I will be giving a 4-hour online class on #Elicitation Techniques.
Elicitation is about making people volunteer information without asking a single question.
It is part of most social engineering attempts that involve information collection and an integral part of HUMINT operations (including threat intelligence vHUMINT).
Join us to learn how to build rapport and trigger sources to disclose information they otherwise wouldn't!

Want more for your investigative toolkit?

🔹 On the 28th of January, the talented Samuel Lolagar will be teaching his online class on #Telegram Investigations.
In this class, Samuel will discuss the types of criminal activity that leverage Telegram, as well as important investigative tools & techniques to help you maximize your information collection from the platform while maintaining appropriate OPSEC. (link in comments)

All relevant information, including the class content and the registration, can be found in the links ⬇️

For the truly dedicated ones: there is also a bundle offer for both classes with a discount!

We both look forward to e-seeing you in a few days! 🙌 🤓

#OSINT #Opensourceintelligence #HUMINT #SocialEngineering #Training

https://digital-trails.academy/
