Lawrence S.
@lawrencesec.bsky.social
🇬🇧 Threat Research @ Recorded Future.
I Like Tracking ASNs and ISPs for some reason...
1/ It's nice to see the topic of bulletproof hosters and Threat Activity Enablers gaining more mainstream attention; however, a bigger problem than endless shell companies exists, and that is RIPE RIR policy. bindinghook.com/neutral-inte...
‘Neutral’ internet governance enables sanctions evasion
Internet service providers and hosting companies enable cybercrime and cyber operations. Why don’t sanctions stop them?
November 26, 2025 at 2:11 PM
Reposted by Lawrence S.
NSA Joins CISA and Others to Release Guidance on Mitigating Malicious Activity from Bulletproof Hosting Provider Infrastructure
November 19, 2025, NSA/CSS
www.nsa.gov/Press-Room/P...
November 20, 2025 at 12:03 PM
Reposted by Lawrence S.
The national cyber director and a top FBI official shared more details about the forthcoming Trump administration document Tuesday. via @timstarks.bsky.social cyberscoop.com/trump-cyber-...
Completed draft of cyber strategy emphasizes imposing costs, industry partnership
The forthcoming Trump administration cyber strategy will introduce six key pillars, emphasizing deterrence of cyber threats and enhanced industry partnerships, with action items and deliverables for U...
November 19, 2025 at 2:57 PM
1/ United States, Australia, and United Kingdom sanction Russian threat activity enabler Media Land (Yalishanda) and follow up on recent designations targeting Aeza. ofac.treasury.gov/recent-actio...
November 19, 2025 at 5:17 PM
1/ Reports indicating that CrazyRDP is the bulletproof hoster behind this seizure in the Netherlands. nltimes.nl/2025/11/14/d...
Dutch police seize thousands of servers used for ransomware, child sex abuse footage
The Dutch police seized thousands of servers in The Hague and Zoetermeer, used solely for hosting criminal activities. According to the police, the hosting company rented space to criminals to carry o...
November 15, 2025 at 12:07 PM
1/ [UPDATE] As of November 10, 2025, metaspinner net GmbH has provided substantial evidence confirming Insikt Group’s original assessment that their identity was unlawfully and fraudulently used in the registration of #AS209800.
1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”

We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.
November 12, 2025 at 9:51 PM
Reposted by Lawrence S.
German ISP aurologic GmbH Identified as Key Hub for Malicious Hosting Infrastructure gbhackers.com/german-isp-a...
German hosting provider aurologic GmbH has emerged as a critical hub within the global malicious infrastructure ecosystem, according to recent intelligence reporting.
November 9, 2025 at 3:24 PM
Reposted by Lawrence S.
Malicious Infrastructure Finds Stability with aurologic GmbH
assets.recordedfuture.com
November 7, 2025 at 11:24 AM
Reposted by Lawrence S.
German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure
cybersecuritynews.com
November 8, 2025 at 12:41 AM
1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”

We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.
November 6, 2025 at 11:30 AM
Reposted by Lawrence S.
Recorded Future just published Dark Covenant 3.0, revealing how global crackdowns and shifting Russian enforcement are reshaping the cybercriminal underground, exposing ties to state actors and turning cybercrime into a geopolitical tool: www.recordedfuture.com/research/dar...
Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals
Explore how Russia’s cybercriminal ecosystem evolved under Operation Endgame—where state control, selective enforcement, and criminal alliances collide.
October 22, 2025 at 2:26 PM
Reposted by Lawrence S.
Great work by my colleague, @lawrencesec.bsky.social! He dives deep into the systemic flaw where "neutral" internet governance lets sanctioned ISPs evade restrictions and continue supporting #cyberattacks and #disinformation. A must-read on the infrastructure gap. 👇
October 21, 2025 at 8:45 AM
Reposted by Lawrence S.
Great opinion piece by my colleague @lawrencesec.bsky.social on an extremely timely and important topic!
🚨 My latest research for @bindinghook is out!

I explore how sanctions against #Aeza and #StarkIndustries reveal the limits of current policy, and how #ThreatActivityEnablers exploit RIR policy and company registration frameworks to maintain infrastructure and support ongoing cyber operations.
In his latest for Binding Hook, @lawrencesec.bsky.social looks at how internet service providers work within the system to evade sanctions and enable #cyberattacks and #disinformation campaigns: bindinghook.com/neutral-inte...
October 21, 2025 at 8:59 AM
🚨 My latest research for @bindinghook is out!

I explore how sanctions against #Aeza and #StarkIndustries reveal the limits of current policy, and how #ThreatActivityEnablers exploit RIR policy and company registration frameworks to maintain infrastructure and support ongoing cyber operations.
October 21, 2025 at 8:53 AM
Reposted by Lawrence S.
In his latest for Binding Hook, @lawrencesec.bsky.social looks at how internet service providers work within the system to evade sanctions and enable #cyberattacks and #disinformation campaigns: bindinghook.com/neutral-inte...
‘Neutral’ internet governance enables sanctions evasion
Internet service providers and hosting companies enable cybercrime and cyber operations. Why don’t sanctions stop them?
October 21, 2025 at 7:19 AM
Reposted by Lawrence S.
#Surveillance has become central to #counterterrorism in democracies, but its spread into daily life raises a key question: how much monitoring can a free society absorb without losing trust? bindinghook.com/why-democrac...
Why democracies need emotional resilience against surveillance
Surveillance technologies have become central to democratic counterterrorism, reshaping how citizens relate to the state. By extending into everyday life, these tools not only promise protection but a...
October 16, 2025 at 11:19 AM
Reposted by Lawrence S.
👋 Don't miss the first Colloquium session tomorrow!

📌 Mythical Beasts and Where to Find Them: Diving into the Depths of the Global Spyware Market
💡 Jen Roberts (@cyberstatecraft.bsky.social) & @julianferdinand.bsky.social (Recorded Future)
🗓️ October 2, 2025
🕓 16:00 – 17:00 CET
October 1, 2025 at 1:03 PM
Reposted by Lawrence S.
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
September 24, 2025 at 6:57 PM
Reposted by Lawrence S.
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.

Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
September 23, 2025 at 6:49 PM
Reposted by Lawrence S.
-US raids SIM farm in New York
-EU airport disruptions caused by ransomware
-Thieves steal gold from French museum after cyberattack
-SonicWall firmware update removes rootkit
-Jaguar ransomware incident extends to October

Podcast: risky.biz/RBNEWS482/
Newsletter: news.risky.biz/risky-bullet...
September 24, 2025 at 8:32 AM
The UK has sanctioned Aeza International, citing its involvement in destabilising Ukraine by providing internet services to Russian disinformation campaigns. This follows OFAC sanctions in July. www.gov.uk/government/n...
UK sanctions Georgia-linked supporters of Putin’s illegal war in Ukraine
The UK has announced new sanctions targeting Georgia-linked supporters of Putin’s illegal war in Ukraine.
September 22, 2025 at 3:48 PM
Reposted by Lawrence S.
I'm excited to speak at #VB2025 later this week! I'll be diving into TAG-124, a group whose services are leveraged by a wide range of actors, from cybercriminals to state-sponsored groups. Hit me up if you are in town!

www.virusbulletin.com/conference/v...
September 22, 2025 at 8:23 AM
Reposted by Lawrence S.
Recorded Future's Insikt Group reports CopyCop, also tracked as Storm 1516, expanding in 2025, adding at least 200 new fictional media websites targeting the United States, France and Canada and using self-hosted LLMs. www.recordedfuture.com/research/cop...
September 18, 2025 at 9:10 AM