Intel 471

Cyber threats in Latin America are rising faster than anywhere else. Widespread technological adoption is expanding the attack surface faster than cybersecurity measures can keep up, giving threat actors more opportunities to exploit vulnerabilities. Recently featured in Dark Reading, Intel 471 highlighted how cybercriminals are taking advantage of gaps in Brazil’s fintech boom. Our research uncovered connections between hackers and organized crime, including recruitment efforts on underground forums. Read more about the story: https://hubs.la/Q039xwMM0 #Intel471 #cybersecurity #CTI

Intel 471’s latest Cyber Threat Update takes a closer look at six significant cyber threats making waves right now: *BadPilot Campaign: A Russian state-sponsored subgroup exploits vulnerabilities in widely used software to gain access, deploying remote monitoring tools across energy, telecom, defense, and government sectors. *Black Basta Leaks: Leaked internal chat logs reveal Black Basta’s tactics, including exploiting enterprise vulnerabilities, using Cobalt Strike for command and control, and identifying key operators. *Anubis Ransomware: A newly surfaced RaaS group employs double extortion tactics, supports Windows, Linux, NAS, and ESXi, and offers affiliate programs, signaling a growing ransomware threat. *Ghost Ransomware: Active since 2021, Ghost (Cring) ransomware exploits outdated software and firmware to infiltrate networks across 70+ countries, targeting critical infrastructure and businesses. *Auto-Color Linux Backdoor: A stealthy Linux backdoor targeting universities and governments in North America and Asia, using deceptive file names and encryption to evade detection. *Lotus Blossom: A long-active espionage group deploying new Sagerunex variants that leverage legitimate cloud services for command and control in attacks on government and telecom sectors. Sign up for your HUNTER community account today and tackle these threats head-on: https://hubs.la/Q039HH3Y0 Read the full report below, or download it here?? https://hubs.la/Q039H-B30 #threathunting #cyberthreatupdate #cyberthreats #threatintelligence #cybersecurity

Black Basta’s internal communications just became public. A mysterious leaker released a year’s worth of chat logs from the ransomware group, exposing how they operated, how they selected victims, and even how they allegedly evaded law enforcement. Intel 471 analyzed the 197,000 messages, uncovering key players, their tactics, and the internal fractures that may have weakened the group. The leaks also raise larger questions: Who in power helped them? And what happens next? Read the full analysis: https://hubs.la/Q039bfxJ0 #threatintelligence #threathunting #blackbasta #ransomware #cybercrime

From the very start of the year and throughout, we were reminded of the far-reaching, harmful threat of vulnerabilities and the panic they can create. Intel 471’s Annual Threat Report is packed with data and analysis on these developments, covering the major trends of 2024 and the outlook for 2025. CyberNews cited Intel 471 in their recent article highlighting how this report devotes much of its attention to developing technology and its impact on the cybercriminal underground. Read more about how Intel 471 observed how cybercriminals were advertising a handful of AI-based tools last year: https://hubs.la/Q039tZ6J0 Download the full report for a deeper look at how cybercriminal tactics evolved and where they are headed next: https://hubs.la/Q039v81j0

Roman Sannikov spent years inside the cybercriminal underground - not just as an observer, but as an FBI interpreter and even a covert moderator on a top Russian-language forum. Now, as the founder of Constellation Cyber, he shares his perspective on the evolution of online crime and where ransomware is headed. On this episode of Studio 471, The Evolution of Russian Cybercrime, Sannikov joins Jeremy Kirk to break down the Russian cybercriminal landscape, the shifting dynamics of illicit forums, and the challenges ahead in cyber threat intelligence. Watch now: https://hubs.la/Q039pTm20 #cybercrime #ransomware #threatintelligence #russiancybercrime #cybersecurity

?? EMERGING THREAT UPDATE: BLACK BASTA ?? A leaked JSON file from Telegram user ExploitWhispers exposed 200,000 chat messages from Black Basta ransomware (Sept 2023 - June 2024), revealing new details on their tools, tactics, and operations. This leak rivals the 2022 Conti disclosures. Intel 471 threat hunters have updated the collection with newly uncovered TTPs. As Black Basta continues targeting organizations worldwide, staying ahead of their evolving techniques is critical. ?? Hunt Collection: https://hubs.la/Q039rFsJ0) ?? Full Report: https://hubs.la/Q039rDkz0 Get free access to HUNTER Community Edition, including TTP-based hunt packages for SIEM, EDR, NDR, and XDR platforms, threat emulation & validation, analyst-focused runbooks, and transparent threat intelligence. Sign up here: https://hubs.la/Q039rPb40 #emergingthreat #threathunting #cybersecurity #infosec #threatintelligence #cyberthreats #blackbasta

The SANS Institute 2025 Threat Hunting Survey is set to reveal how organizations are adapting to AI-driven threats and cloud security challenges. Be among the first to hear the key findings. Join SANS Principal Instructor Josh Lemon on March 13 as he unpacks the survey’s insights and what they mean for the future of threat hunting. This webcast will cover how AI is reshaping detection, the latest cloud security challenges, and real-world strategies for defending against supply chain threats. Register here: https://hubs.la/Q0390N3p0 #threathunting #SANS #threathuntingsurvey #cybersecurity #informationsecurity

Intel 471 is excited to invite you to our upcoming event, Breakfast Byte: Intelligence Driven Threat Hunting ?? Our skilled threat hunters will provide examples of data relevant for Croatia and the region obtained from their data collection tools and human analysis utilizing Intel 471’s platform, Titan. We hope you will join us March 13th from 8:30-11:00 in Zagreb. This event is being hosted with the support of the U.S. Commercial Service Zagreb, Croatia. Registration is required. Reserve your spot today! https://hubs.la/Q039ccpn0 #Intel471 #CTI #Cybersecurity #ThreatHunting

Heading to FS-ISAC in New Orleans next week? We hope to connect with you at booth #28! ?? Meet with our experts to explore cutting-edge solutions and discover how we can help protect your organization from emerging threats. We look forward to seeing you! #Intel471 #CTI #cybersecurity

TgToxic, an Android banking trojan first identified in 2022, is evolving rapidly and expanding beyond its initial Southeast Asian targets to financial institutions in Europe and Latin America. Its operators are adapting quickly, shifting from hardcoded command-and-control (C2) infrastructure to community forum dead drops and now a domain generation algorithm (DGA) to stay ahead of defenses. This is a threat security teams should be watching closely. Intel 471’s latest research breaks down the malware’s latest tactics, its impact, and key recommendations for defenders. Read our blog for insights on how to stay ahead of this evolving threat: https://hubs.la/Q0390Hrw0 #threatintelligence #TgToxic #threathunting #malware #infosec #cybersecurity