Alexander Leslie
@aejleslie.bsky.social
Cybercrime & Hacktivism @ Recorded Future | Insikt Group | Curated Intelligence | @aejleslie everywhere else.
Join me tomorrow for a live briefing on the conflict between Israel and Iran.

We’ll address specific geopolitical risks, cybercriminal and hacktivist groups, state-sponsored cyber threats, influence operations, and more.

Registration: recordedfuture.registration.goldcast.io/webinar/4b72...
June 17, 2025 at 6:29 PM
Thank you to everyone who attended my session at our inaugural Insikt After Dark conference in New York City!

I spoke on our recent efforts to disrupt traffer teams, infostealer operators, and global scam infrastructure.

It’s always an honor to represent Recorded Future!
June 13, 2025 at 7:03 PM
Read more! This report includes an extensive list of capabilities and indicators linked to TAG-110 and its recent campaigns targeting Central Asia.

PDF: go.recordedfuture.com/hubfs/report...
May 22, 2025 at 2:52 PM
🔑: “TAG-110’s recent use of macro-enabled Word templates (.dotm), placed in the Microsoft Word STARTUP folder for automatic execution, highlights a tactical evolution prioritizing persistence.”
May 22, 2025 at 2:52 PM
🔍: “This campaign has been attributed to TAG-110 based on its reuse of VBA code found in lures from previous campaigns, overlap in C2 infrastructure, and use of suspected legitimate government documents for lure material.”
May 22, 2025 at 2:52 PM
🎣: “TAG-110 has changed its spearphishing tactics in recent campaigns against Tajikistan, as they now rely on macro-enabled Word templates (.dotm files).”
May 22, 2025 at 2:52 PM
Read more! This report includes extensive research and analysis that can’t be fully captured in a single thread.

PDF: go.recordedfuture.com/hubfs/report...
May 8, 2025 at 2:47 PM
🏭: “China’s semiconductor industry likely still faces a bottleneck in producing sub-7 nanometer chips, and it is almost certainly attempting to develop its own extreme ultraviolet lithography tools using alternative techniques to advance domestic AI accelerator production.”
May 8, 2025 at 2:47 PM
🔑: “Adopting open source is more prevalent among Chinese AI companies and likely enables China to diffuse its models more broadly than US proprietary models.”
May 8, 2025 at 2:47 PM
⚖️: “Closing the performance gap while being cost-competitive is very likely to pay off for China by driving the adoption of Chinese generative AI models domestically and abroad.”
May 8, 2025 at 2:47 PM
🗓️: “According to Insikt Group's analysis of model benchmarks, Elo scores, and industry expert assessments, Chinese generative AI models likely now have a three to six-month performance gap behind US rivals, though this time lag is shortening.”
May 8, 2025 at 2:47 PM
💡: “AI diffusion rather than innovation will very likely determine the ‘winner’ in the competition… but whether the US or China has greater levels of diffusion is unclear, with one metric (patents) nevertheless showing China has a lead in many industries.”
May 8, 2025 at 2:47 PM
🧑‍🎓: “The international AI talent pool likely continues to favor the US due to a continuing — though declining — immigration advantage and the quality of elite educational institutions, but the practical implications of this lead for AI competition are likely eroding.”
May 8, 2025 at 2:47 PM
💰: “China’s overall government-led funding likely exceeds investment by US federal and state governments… however, total private-sector investment in AI companies in the US vastly outmatches private-sector investment in China.”
May 8, 2025 at 2:47 PM
🤝: “China’s rapidly maturing AI ecosystem is very likely increasingly fostering collaboration between government, industry, and academia, and is supported by steady advances in semiconductor manufacturing.”
May 8, 2025 at 2:47 PM
🔑: “Insikt Group observed ten distinct TerraStealerV2 distribution samples between January and March 2025 that employed varied delivery methods, including MSI, DLL, and LNK files.”
May 2, 2025 at 5:06 PM
🛠️: “TerraStealerV2 lacks support for decrypting Chrome ABE-protected credentials, indicating the tool is likely outdated or still under development.”
May 2, 2025 at 5:06 PM
⌨️: “TerraLogger is the first observed use of a keylogging capability within malware developed by Golden Chickens.”
May 2, 2025 at 5:06 PM
🔍: “Insikt Group identified two new malware families, TerraStealerV2 and TerraLogger, attributed to the threat actor Golden Chickens. TerraStealerV2 can steal browser credentials and target cryptocurrency wallets… TerraLogger functions solely as a standalone keylogger module.”
May 2, 2025 at 5:06 PM
Read more! This report includes an extensive list of indicators to complement technical analysis and threat hunting strategies.

PDF: go.recordedfuture.com/hubfs/report...
April 29, 2025 at 3:44 PM
🐀: “GhostWeaver’s self-signed X.509 certificates are similar to those of AsyncRAT and variants of AsyncRAT, leading to initial false associations with other malware families such as AsyncRAT.”
April 29, 2025 at 3:44 PM
👻: “Insikt Group shows that GhostWeaver is the primary payload deployed by MintsLoader across observed campaigns.”
April 29, 2025 at 3:44 PM
🔥: “Recorded Future’s Malware Intelligence Hunting provides up-to-date C2 domains and other artifacts related to MintsLoader that would otherwise be hard to track due to its dynamic infrastructure.”
April 29, 2025 at 3:44 PM
🔑: “MintsLoader's use of a DGA to generate daily C2 domains based on the system date complicates infrastructure monitoring activity and domain/IP-based detections.”
April 29, 2025 at 3:44 PM
🛡️: “MintsLoader's second-stage PowerShell script uses sandbox and virtual environment evasion techniques, reducing its susceptibility to automated analysis and increasing its likelihood of bypassing dynamic detection tools.”
April 29, 2025 at 3:44 PM