Censys’ mission is to be the one place to understand everything on the internet. Frustrated by the lack of trustworthy Internet intelligence, we set out to create the industry's most comprehensive, accurate, and up-to-date map of the Internet. Today, Censys delivers real-time Internet intelligence and actionable threat insights to global governments, over 50% of the Fortune 500, and leading threat intelligence providers worldwide. Learn more at Censys.com.
Website: https://censys.com/
Censys Platform: https://platform.censys.io

Multiple US gov agencies have warned orgs to stay vigilant for potential Iran-affiliated cyber activity. We studied exposure of 4 vendors previously known to be of interest to IR-affiliated groups.

Read more: https://censys.com/blog/ics-iran-exposure-of-previously-targeted-devices

#infosec #security

🔌 Iran Internet Outage Update
Since June 18, Iran has faced a near-total internet blackout. June 21 marked the lowest point in visibility—but signs of recovery are emerging.

📉 Some networks (e.g., DATAK, HAMYAR-AS) remain unstable.
📈 Others (e.g., RESPINA-AS, MOBINNET-AS) are bouncing back strong.
🧭 TIC appears in nearly all slow-recovering transit paths.

We’re tracking it all.
🔍 View the update at Censys: https://censys.com/blog/irans-internet-a-censys-perspective

#InternetShutdown #Iran #NetworkOutage #Censys #InternetIntelligence

Identifying North Korean Kimsuky (APT43) Infrastructure

I recently came across a post on X in which “@freedomhack101” shared an IOC potentially related to Kimsuky. So what I wanted to do was try a quick pivot from this, which ultimately ended up leading…

Medium

🔍 We looked at the C2 server associated with the Flodrix botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts!

👀 https://censys.com/blog/poking-the-flodrix-botnet

#botnet #infosec

Around 12PM UTC on June 18, scan error rates in Iran surged to nearly 100%, indicating a sudden, nationwide outage affecting almost all services. Systems that were previously reachable are now timing out or rejecting connections.

We used the new Censys Threat Hunting Module to investigate a Colombian threat actor, uncovering a series of remote access trojan (RAT) C2 servers.

We also show how to use this information to create a set of IOCs for defensive measures:

https://censys.com/blog/unmasking-the-infrastructure-of-a-spearphishing-campaign

A defining moment for Censys - We are excited to announce that the Threat Hunting Module in the new Censys Platform is now #ga

https://www.censys.com/blog/internet-scale-proactive-threat-hunting-and-detection

In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here:

https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis

#ics #security #water

Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise and breaks down how the AyySSHush campaign has evolved over the past 5 months — and what makes it stand out:

https://censys.com/blog/tracking-ayysshush-a-newly-discovered-asus-router-botnet-campaign

#botnet #asus #infosec #security

Trend Micro recently uncovered a campaign leveraging TikTok to distribute malware via AI-generated videos, tricking users into installing Vidar and StealC infostealers instead of the promised pirated software.

Using IOCs provided by Trend Micro, we used Censys to find more related infrastructure, including a relatively new bulletproof service provider. Read our analysis here:

https://censys.com/blog/tiktok-and-malware

#infosec #security #malware #tiktok
