Research & Intelligence
COBALT ILLUSION Masquerades as Atlantic Council Employee
Counter Threat Unit Research TeamThe phishing campaign targets researchers who document the suppression of women and minority groups in Iran. Read More
Cybersecurity Threat Intelligence Blogs Categories
Category: Research & Intelligence
Research & Intelligence
Abraham's Ax Likely Linked to Moses Staff
Counter Threat Unit Research TeamBoth personas are likely operated by the Iranian COBALT SAPLING threat group. Read More
Research & Intelligence
Drokbk Malware Uses GitHub as Dead Drop Resolver
Counter Threat Unit Research TeamA subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence. Read More
Research & Intelligence
A Winning Combination: Hardening, Early Threat Detection, and Rapid Response
Alexandros Papadopoulos, Incident Response ConsultingHow proactively hardening Active Directory and investing in the Taegis ManagedXDR service quickly contained a breach. Read More
Research & Intelligence
2022 State of the Threat: A Year in Review
Barry Hensley, Secureworks Chief Threat Intelligence OfficerRansomware, loaders, stealers, zero-day exploits, cyberwarfare, espionage: the cyber threats kept coming in 2022 – and threat actors are growing in skill and stealth. Read More
Research & Intelligence
Opsec Mistakes Reveal COBALT MIRAGE Threat Actors
Counter Threat Unit Research TeamArtifacts exposed personas and companies associated with the Iranian threat group. Read More
Research & Intelligence
BRONZE PRESIDENT Targets Government Officials
Counter Threat Unit Research TeamThe likely Chinese government-sponsored threat group uses decoy documents and PlugX malware to compromise targets. Read More
Research & Intelligence
Unsecured Elasticsearch Data Replaced with Ransom Note
Counter Threat Unit Research TeamSecurity controls such as MFA can limit access to internet-facing databases. Read More
Research & Intelligence
COBALT MIRAGE Conducts Ransomware Operations in U.S.
Counter Threat Unit Research TeamThe Iranian threat group blurs the line between financially motivated attacks and espionage. Read More
Research & Intelligence
REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
Counter Threat Unit Research TeamUpdated samples indicate access to original source code and active development, signaling that GOLD SOUTHFIELD has resumed operations. Read More
