Intel 471

My career began in the trenches and progressed from there, so transitioning into an executive role was challenging—I always have that urge to get back in the mud. To scratch that itch, I narrowed my focus and dedicated a bit of my time each week to researching only malicious infrastructure providers. This has been a deep interest of mine since the heyday of AbdAllah and the Russian Business Network (RBN) in the mid-2000s. (Who remembers David Bizeul awesome “Russian Business Network Study” from 2007!!?) Often, the underground world of cybercrime must surface to interact with the above-ground world, and that’s where things get interesting. The real significance, however, lies in the opportunity to identify and track swaths of malicious infrastructure before it’s used for badness. These groups run front companies, have their own ASNs, and operate prefixes/netblocks—all things that can be identified and used proactively to defend against the long list of threats they facilitate. It’s an upstream approach. One example that has always stuck with me is that of the Hancitor loader malware. Back in the day, Hancitor was used to deliver some of the top malware families being used. For years, it relied on a single bulletproof hosting (BPH) service for a critical part of its infection chain. Visibility into Yalishanda’s BPH service essentially gave defenders an advantage—not just against Hancitor itself, but also against any of the secondary payloads it was distributing I don't get to spend much time in trenches day-to-day, but rest assured the Intel 471 team is all over these BPH services. #threathunting #threatIntelligence #cybercrime #malware #cybersecurity #networksecurity #incidentresponse https://lnkd.in/gaTwr8Q5

Intel 471 organizará un Lunch and Learn en Madrid el 3 de abril, ?y nos encantaría que estuvieras allí! únete a otros profesionales de CTI para disfrutar de una excelente comida, buenas conversaciones y un análisis de las últimas tendencias que están dando forma al panorama de las amenazas cibernéticas. Es una oportunidad para conectar, compartir conocimientos y aprender en un ambiente relajado. Las plazas son limitadas. ?Reserva tu asiento hoy! ----------- Intel 471 is hosting a Lunch and Learn in Madrid on April 3rd, and we’d love to have you there! Join fellow CTI professionals for a great meal, good conversation, and a look at the latest trends shaping the cyber threat landscape. It’s a chance to connect, share insights, and learn in a relaxed setting. Spots are limited. Save your seat today! https://hubs.la/Q03bZd240 #lunchandlearn #cybersecurity #threatintelligence #threathunting

We had a great time hosting Breakfast Byte: Intelligence Driven Threat Hunting with the support of the U.S. Commercial Service Zagreb. Thanks to all who joined us. We hoped you walked away with valuable insights to fight cyber crime and keep our digital world safe and secure. We look forward to the next one! #Intel471 #CTI #cybersecurity

?? EMERGING THREAT UPDATE: LOCKBIT 4.0 ?? LockBit 4.0 is pushing its evasion tactics further, using modified PowerShell scripts to execute malicious DLL payloads while disabling security features to stay undetected. Researchers have also observed obfuscation techniques that make detection even more challenging. The ransomware continues its pattern of encrypting files, appending the “.lockbit” extension, and demanding payment through a dropped ransom note. Intel 471 threat hunters have updated the collection with Hunt Packages tracking mshta.exe abuse, PowerShell-based downloads and execution, privilege escalation, RDP modifications, and obfuscated exfiltration methods using Rclone and MegaCMD. As LockBit operators refine their techniques, defenders must move just as fast. ?? Hunt Collection: https://hubs.la/Q03bNL5H0) ?? Full Report: https://hubs.la/Q03bNMVF0 Get free access to HUNTER Community Edition, including TTP-based hunt packages for SIEM, EDR, NDR, and XDR platforms, threat emulation & validation, analyst-focused runbooks, and transparent threat intelligence. Sign up here: https://hubs.la/Q03bNL9k0 #emergingthreat #threathunting #cybersecurity #infosec #threatintelligence #cyberthreats #lockbit

Cybersecurity researchers have identified a new variant of the TgToxic Android malware. This new variant is designed to steal user credentials, cryptocurrency from digital wallets and funds from banking and finance apps. Intel 471 was mentioned in a recent SC Media article highlighting how the malware now also features improved emulator detection and updates to its command-and-control URL generation, allowing it to avoid detection. Read more: https://hubs.la/Q03bLHS_0

Black Basta’s leader didn’t just slip through the cracks. He walked out of an Armenian courtroom and vanished. Intel 471 connected the dots, linking the ransomware gang’s leader, known as GG, to Oleg Nefedov. Leaked messages suggest high-level connections helped him escape. Read more on CyberNews: https://hubs.la/Q039W60W0 #Intel471 #cybersecurity #CTI

The highly anticipated 2025 SANS Threat Hunting Survey is almost here. Join SANS Principal Instructor Josh Lemon on March 13 for an exclusive first look at the findings and what they reveal about how organizations are tackling AI-driven threats and cloud security challenges. The webcast will explore key trends in threat detection, the impact of generative AI, and strategies for defending against supply chain attacks. Register here to attend: https://hubs.la/Q03bw8NJ0 #threathunting #SANSResearch #cybersecurity

Threat hunting is only effective when it’s focused on the right things. Too many hunters waste time on distractions instead of what drives real results. Out of the Woods: The Threat Hunting Podcast goes live tomorrow with an interactive discussion on how experienced hunters prioritize their time, refine their investigative approach, and avoid common pitfalls. Our hosts will share lessons learned, mistakes to watch for, and strategies that make an impact. Listeners can be part of the conversation through our Discord channel, where our hosts will be engaging in real time. Join the discussion: https://hubs.la/Q03bpX160 #threathunting #threatintelligence #cybersecurity #securityanalyst

If you’re the buyer of security products for a large company, how do you ensure that a product works as promised? In this Studio 471 episode, Simon Edwards of SE Labs walks through how his company conducts ethical and realistic tests based on the Cyber Kill Chain and MITRE ATT&CK. ??Tune in as Simon breaks down his approach to testing security software, sharing insights on his methods and what sets effective testing apart: https://hubs.la/Q03bjM4Q0 #Intel471 #Studio471 #cybersecurity #CTI

Threat hunting is stronger when we refine our approach together. Join Intel 471’s Threat Hunting Foundations Workshop: Moving Beyond IOCs to Behaviors and TTPs on March 27 from 9:30 AM to 1:30 PM ET for a four-hour hands-on session focused on identifying adversary behaviors and sharpening investigative techniques. This interactive workshop covers key cybersecurity models, structured methodologies, and real-world hunting scenarios to help you build a stronger, intelligence-driven process. Those who complete the final challenge will earn the Threat Hunting – Foundational Badge, recognizing their ability to apply these skills in real investigations. Sign up today: https://hubs.la/Q03bcycD0 #threathunting #threatintelligence #cybersecurity #securityfoundations #TTPs