sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!


#threatintel

6 posts · 6 participants · 0 posts today

I promised another shoe would fall... here is part one of the VexTrio origin story. It is just too big for one entry, so a few more will come in the next few weeks... and this is still a small fraction of what we know. The story of malicious adtech has long legs.

We had great reception at BlackHat. One of the most common questions was: why are you giving this talk? Simple. It's a story that needs to be told and one that is too big to carry alone. We are looking for message carriers in the media, champions in the government, partners in the industry.

Organized crime, predominantly Russian speaking, has a strong foothold in the advertising world - and they are ensuring the delivery of everything from dating scams to information stealers. Let's root them out together.

Boosts for awareness appreciated.

#dns #threatintel #scam #malware #infosec #cybersecurity #cybercrime #infoblox

blogs.infoblox.com/threat-inte

Infoblox Blog · VexTrio Unveiled: Inside the Notorious Scam Enterprise
We expose adtech operators who partner with malware threat actors to commit digital fraud on a global scale through their affiliate advertising networks.

Someone hacked an Iranian/Chinese Bitcoin mining pool (#LuBian) for what is now $15 billion worth of Bitcoin back in 2020... and no one (other than the victims) seems to have even noticed until a few days ago. The thieves still have the bitcoins.

Even in 2020 this was a $3.5 billion heist, making it the largest theft of any kind in human history.

Should serve as a reminder that people who advocate for a "bitcoin standard" expect the world's governments to opt in to a system where, if North Korea steals America's bitcoins, then it's game over for the American military and retirement system.

x.com/arkham/status/1951729790

X (formerly Twitter) · Arkham (@arkham) on X
BREAKING: ARKHAM UNCOVERS $3.5B HEIST - THE LARGEST EVER. LuBian was a Chinese mining pool with facilities in China & Iran. Based on analysis of on-chain data, it appears that 127,426 BTC was stolen from LuBian in December 2020, worth $3.5 billion at the time and now worth

After three years of relentless tracking, we’ve published a [paper](blogs.infoblox.com/threat-inte) that, for the first time, exposes the true identities behind VexTrio. This research connects real names to the various companies that form the VexTrio ecosystem. It begins with the origin story—how a group of Italians launched a successful spam and dating business. Over time, VexTrio expanded its operations into malicious adtech and online scams. For over a decade, the group employed deceptive tactics to defraud countless innocent internet users. These illegitimate gains funded the extravagant lifestyles of VexTrio’s key figures—who, despite increasing scrutiny, have yet to be fully stopped.

We’re deeply grateful to all the contributors who helped us reach this research milestone, especially @rmceoin and Tord from [Qurium](qurium.org/).


Interesting research coming out from Censys and Vulncheck regarding attacker infrastructure.

2025-07-31 (vulncheck.com) Attacker Infrastructure Persistence: Analysis of Malicious Tool Longevity and Operational Patterns

2025-08-06 (censys.com) Understanding C2 Infrastructure Lifespans: TTL Analysis for Enhanced Threat Detection and Response

#ThreatIntel #Cybersecurity #Infosec
(1/2)

Tens of thousands of compromised websites use DNS TXT records to conditionally redirect visitors to malicious content. For years, this exclusively redirected to VexTrio TDS - but in late-November 2024, it changed. But did it? We think not.

A couple of major takeaways from the research we released in June and what we've continued to learn since then:

* DNS is being used very successfully to drive innocent people to malware and scams, including alarming tech support scams

* These can be stopped by blocking the DNS query, but it must be done at the website server side, not the visitor's

* VexTrio is tight not just with malware actors who hack sites and drive traffic to them, but they appear to be one and the same, or at least closely related, to infamous TDS and a multitude of other "adtech" platforms.

* reviewing old literature carefully connects VexTrio via shared software with ROI777

We're going to throw up more "snackables" before heading to Vegas. If you want to see the faces behind VexTrio and hear their origin story, come see our talk or track us down at the booth.
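An added example, not part of the post above or of Infoblox's research, of what a server-side check for this technique can look like. It parses constructed BIND-style query-log lines from the resolver that a site's web servers use, flags TXT lookups those servers have no legitimate reason to make (a web server answering page requests normally has no business reading TXT records for third-party names), and emits response-policy-zone (RPZ) records that make the resolver answer NXDOMAIN for the flagged names, so the injected code's lookup fails before it can redirect anyone. The web-server addresses, the allowlist and every domain name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: BIND 9 style query-log lines from the caching
# resolver that the site's web servers (10.0.0.5 and 10.0.0.6) use.
# Every name and address here is a placeholder, not observed data.
SAMPLE_LOG = """\
01-Aug-2025 10:00:01.101 client @0x7f1a 10.0.0.5#53211 (www.example-shop.test): query: www.example-shop.test IN A +E(0)K (10.0.0.53)
01-Aug-2025 10:00:01.140 client @0x7f1b 10.0.0.5#53212 (sample-txt-zone.test): query: sample-txt-zone.test IN TXT +E(0)K (10.0.0.53)
01-Aug-2025 10:00:02.002 client @0x7f1c 10.0.0.6#40001 (sample-txt-zone.test): query: sample-txt-zone.test IN TXT +E(0)K (10.0.0.53)
01-Aug-2025 10:00:02.310 client @0x7f1d 10.0.0.9#40002 (_dmarc.example-shop.test): query: _dmarc.example-shop.test IN TXT +E(0)K (10.0.0.53)
01-Aug-2025 10:00:03.550 client @0x7f1e 10.0.0.5#53213 (example-shop.test): query: example-shop.test IN TXT +E(0)K (10.0.0.53)
01-Aug-2025 10:00:04.001 client @0x7f1f 10.0.0.5#53214 (sample-txt-zone.test): query: sample-txt-zone.test IN TXT +E(0)K (10.0.0.53)
"""

# Assumptions: which resolver clients are web servers, and which names
# those servers may legitimately read TXT records for (their own zone).
WEB_SERVERS = {"10.0.0.5", "10.0.0.6"}
TXT_ALLOWLIST = {"example-shop.test"}

# Source address, queried name and query type from a BIND query-log line.
LOG_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>\d+\.\d+\.\d+\.\d+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: \S+ IN (?P<qtype>[A-Z0-9]+) "
)


def parse_line(line):
    """Return (src, qname, qtype) or None for lines that are not queries."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def is_suspicious_txt(src, qname, qtype, web_servers=WEB_SERVERS, allowlist=TXT_ALLOWLIST):
    """True for a TXT lookup made by a web server for a name outside the allowlist."""
    if qtype != "TXT" or src not in web_servers:
        return False
    return not any(qname == a or qname.endswith("." + a) for a in allowlist)


def find_txt_redirect_lookups(log_text):
    """Group suspicious TXT lookups as {qname: {src: count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and is_suspicious_txt(*parsed):
            src, qname, _ = parsed
            hits[qname][src] += 1
    return {q: dict(s) for q, s in hits.items()}


def rpz_block_rules(findings):
    """RPZ records for the web servers' resolver: 'CNAME .' answers NXDOMAIN,
    so the injected code's TXT lookup fails before it can redirect anyone."""
    rules = []
    for qname in sorted(findings):
        rules.append(f"{qname} CNAME .")
        rules.append(f"*.{qname} CNAME .")
    return rules


if __name__ == "__main__":
    found = find_txt_redirect_lookups(SAMPLE_LOG)
    for qname, sources in found.items():
        print(f"TXT lookups for {qname} from web servers: {sources}")
    print("\n".join(rpz_block_rules(found)))
```

On the sample data only the lookups for sample-txt-zone.test are flagged: the _dmarc query comes from a mail host rather than a web server, and the site's own zone is allowlisted. In practice the allowlist has to be tuned per site, and the first hit should send someone to the web root to find the injected code, since the RPZ rule stops the redirect but does not remove the compromise.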

Threat Profile - China.

cstromblad.com/posts/china-thr

I have published, if I may say so, a reasonably extensive analysis on Chinese cyber threat activity during May, June and July of 2025.

The work is based on the many excellent reports provided by numerous individuals, organizations and companies. I'm standing on the shoulders of giants and I'm trying to contribute back something.

This aggregated view hopefully provides an interesting perspective on Chinese cyber activity and insights not perhaps as easily discerned when each individual article is read... well, individually.

Let me know what you think and if you find it useful, valuable etc.

STRÖMBLAD · China - Threat Profile (Activity covering May through July, 2025)
In this article I have made an attempt at providing an up-to-date threat analysis of China. The analysis is based on open source articles and reports published in May, June and July of 2025.

Qilin ransomware affiliate panel credentials have been exposed due to internal conflict. Remarkable how these groups implode from within.

The breach could reveal their entire affiliate network structure and operational methods, data that's typically impossible to obtain.

These internal conflicts might be one of our most valuable intelligence sources on ransomware operations.

#qilin #ransomware #breach #OSINT #ThreatIntel
gbhackers.com/qilin-ransomware

GBHackers Security · Qilin Ransomware Affiliate Panel Login Credentials Exposed Online
A significant security breach within the Qilin ransomware operation has provided unprecedented insight into the group's affiliate network structure.

When I added the threat-actor @misp galaxy type on Mar 4, 2016, I didn’t expect that, years later, vendors would still invent new names for already known threat actors, avoid using UUIDs, reuse similar names for different actors, and create confusing names by mixing tools or software used by the actors.

That’s why we continue the tedious work of maintaining a proper threat-actor database, with relationships to other galaxies such as MITRE ATT&CK, Malpedia, and more.

After years of this monastic effort, we’re seeing the benefits—many open-source and proprietary tools now rely on the MISP galaxy, which serves as both an open standard and a public knowledge base.

We also maintain a dedicated website for all MISP galaxies. Here’s an example from the threat-actor database:
misp-galaxy.org/threat-actor/r

Repository github.com/MISP/misp-galaxy/
🌐 Public website misp-galaxy.org/threat-actor/

If you’d like to become a monk (just kidding!) and contribute, feel free to open an issue or submit a pull request on the misp-galaxy repo.

In MISP, you can directly benefit from all the galaxies, and you also have advanced functionalities like forking and maintaining an up-to-date private version of the threat-actor database.
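As an added example, not code from MISP or the misp-galaxy project, the following resolves vendor names to galaxy UUIDs and surfaces exactly the name reuse the post above complains about. It reads a constructed stand-in that follows the misp-galaxy cluster layout (a "values" list whose entries carry "value", "uuid", "meta" with "synonyms", and "related" links with "dest-uuid" and "type"); the actor names, synonyms and UUIDs are placeholders.

```python
import json
from collections import defaultdict

# Constructed stand-in for a misp-galaxy cluster file such as
# clusters/threat-actor.json. Actor names, synonyms and UUIDs are
# placeholders, not entries from the real galaxy.
CLUSTER_JSON = json.dumps({
    "name": "Threat Actor",
    "type": "threat-actor",
    "values": [
        {"value": "Actor One",
         "uuid": "00000000-0000-4000-8000-000000000001",
         "meta": {"synonyms": ["Vendor-A Group 1", "ORANGE FOX"]},
         "related": [{"dest-uuid": "00000000-0000-4000-8000-0000000000a1",
                      "type": "uses"}]},
        {"value": "Actor Two",
         "uuid": "00000000-0000-4000-8000-000000000002",
         # A second vendor reused the same nickname for a different actor.
         "meta": {"synonyms": ["Vendor-B Group 2", "orange fox"]}},
        {"value": "Actor Three",
         "uuid": "00000000-0000-4000-8000-000000000003",
         "meta": {"synonyms": ["Vendor-C Group 3"]}},
    ],
})


def normalize(name):
    """Case- and punctuation-insensitive key: 'ORANGE FOX' == 'orange-fox'."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


def build_index(cluster):
    """Map each normalized name or synonym to the set of UUIDs that claim it."""
    index = defaultdict(set)
    for entry in cluster["values"]:
        names = [entry["value"]] + entry.get("meta", {}).get("synonyms", [])
        for name in names:
            index[normalize(name)].add(entry["uuid"])
    return index


def resolve(index, vendor_name):
    """UUID for a vendor name, or None when it is unknown or ambiguous.
    Downstream tooling should carry the UUID, not the name."""
    uuids = index.get(normalize(vendor_name), set())
    return next(iter(uuids)) if len(uuids) == 1 else None


def collisions(index):
    """Names claimed by two or more actors: the 'similar names for
    different actors' problem, which the UUID is there to avoid."""
    return {name: sorted(uuids) for name, uuids in index.items() if len(uuids) > 1}


def related_uuids(cluster, uuid, rel_type=None):
    """Follow an entry's 'related' links (e.g. to a tool galaxy), optionally by type."""
    for entry in cluster["values"]:
        if entry["uuid"] == uuid:
            return [r["dest-uuid"] for r in entry.get("related", [])
                    if rel_type is None or r["type"] == rel_type]
    return []


if __name__ == "__main__":
    cluster = json.loads(CLUSTER_JSON)
    index = build_index(cluster)
    print("Vendor-A Group 1 ->", resolve(index, "vendor-a group 1"))
    print("Orange Fox ->", resolve(index, "Orange Fox"))  # ambiguous, so None
    print("collisions:", collisions(index))
```

The same index can be rebuilt against the real clusters/threat-actor.json from the repository, and keeping a private fork, as the post describes, amounts to merging your own "values" entries into that file while leaving the upstream UUIDs untouched.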