A South Asian APT has been persistently targeting Sri Lanka, Bangladesh, Pakistan, and Turkey. This post walks through how to pivot from the well-publicized phishing infrastructure to expose APK tooling that compromised members of the military of Asian countries.

strikeready.com/blog/apt-and...

New: A handful of Chinese-linked cyber espionage groups are stepping up targeting of Taiwanese semiconductor companies, per new analysis from @proofpoint.com. Campaigns include targeting of financial analysts focused on the sector as well: www.reuters.com/sustainabili...

Just published:

A two-part blog series in collaboration with
@threatray.bsky.social, which aims to substantiate the claim that #TA397 (Bitter) is an espionage-focused, state-backed threat actor with interests aligned to the Indian state.

Part 1: brnw.ch/21wT9A5
Part 2: brnw.ch/21wT9Ad.

Appreciate it!

Dropping some joint research today with Threatray on TA397/Bitter 🔍

We dive into the confluence of signals that led us to our attribution of the threat actor 🎯

Shoutout to @konstantinklinger.bsky.social and Threatray for collaborating on this research.

www.proofpoint.com/us/blog/thre...

Is the era of the “named actor” done?

As the OG adversary sets diverge, get promoted, or move on

actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)

AND the CTI models maturing…

APTs ⬇️⬇️

UNCs ⬆️⬆️

@greg-l.bsky.social drops knowledge on TA406 (Konni) as North Korea shows new interest in Ukraine, likely to keep tabs on the progress of the war and Russia's ability to keep pace on the battlefield www.proofpoint.com/us/blog/thre...

Introducing #UNK_CraftyCamel!

Leveraged Trusted Business Relationship? ✅
Low Volume, highly targeted? ✅
Interesting technique? ✅
Overlaps with other IRGC clusters? ✅
Bonus: Infrastructure still up to watch how they respond to the blog? ✅

www.proofpoint.com/us/blog/thre...

It’s low volume.

Dropping some new research on TA397/Bitter 🚨

Hidden in Plain Sight | TA397’s New Attack Chain Delivers Espionage RATs

Report:
www.proofpoint.com/us/blog/thre...

In December 11 and 12, 2024, a spearphishing campaign targeted at least 20 Autonomous System (AS) owners, predominantly Internet Service Providers (ISPs), and purported to come from the Network Operations Center (NOC) of a prominent European ISP.

🧵⤵️

I’m a little excited for this one

#PIVOTcon25 registration is now OPEN 🤟📥📥📥
pivotcon.org
#CTI #ThreatResearch #ThreatIntel
Please read carefully the whole 🧵 for the rules about invite -> registration (1/5)

Wait... did a Chinese security vendor just publish research on a suspected Chinese APT backdoor? 🙃

I need your thoughts here @jags.bsky.social

blog.xlab.qianxin.com/analysis_of_...