Alexis Dorais-Joncas (@[email protected])
@adorais
Sr Manager, APT Threat Research @Proofpoint
18-03-2009 14:54:32
Hey #100DaysofYARA friends and fans!
I am looking for a successor to take up the 100 days of yara mantle. I’ll still participate of course, but I think the challenge has reached a point where it can grow much more under a more organized eye
Great research by Greg Lesnewich & team. A lot happens before malware/cred harvesting gets delivered - studying this benign conversation-starter phase helps shed some light on TA427's objectives (and also helps create some fine detection / hunting logic...)
Iran-aligned APT #TA450 (#MuddyWater #MangoSandstorm #StaticKitten) has employed new tactics.
For the first time, Threat Insight has observed TA450 attempt to use a malicious URL in a PDF attachment rather than directly linking the file in an email. ow.ly/nu3U50QYWlm
TA450 (#Muddywater, Mango Sandstorm) proves legitimate remote software will never go out of APT style. Last week, Threat Insight also saw the Iran-aligned actor return to using the legitimate remote administration software Atera Agent to target technology organizations in Africa.…
Are you Wi-Fi? Because we are sensing a strong signal here. 😏
The Proofpoint Threat Research team wishes you a #ValentinesDay filled with joy, laughter, and positivity.
One threat actor abusing #DMARC is North Korea (DPRK)-sponsored group TA427 (aka #EmeraldSleet #APT43 #THALLIUM #Kimsuky).
Since December 2023, Threat Insight has seen TA427 abuse lax DMARC policies to spoof think tank personnel and government entities.
#ESETresearch has discovered a China-aligned APT group, which we named #Blackwood , that leverages adversary-in-the-middle (AitM) to deliver the NSPX30 implant via software updates. NSPX30 is a sophisticated implant evolving since at least 2005. facundo Mz welivesecurity.com/en/eset-resear… 1/6
New blog post: 'So you want to work in cybersecurity'.
Every time I post research here, I get DMs asking how to get into cybersecurity. Instead of repeating myself ad nauseam, I wrote down all my thoughts on the subject here: blog.kwiatkowski.fr/cybersecurity-…
Personal opinion obviously.
Starting 17 December, Proofpoint observed a highly targeted phishing campaign against customers with a presence in Israel. This campaign masqueraded as emails claiming to have an update related to a recently disclosed F5 BIG IP vulnerability. The emails from cert[@]f5[.]support…
#ESETresearch has documented a growing series of OilRig downloaders using legitimate cloud service providers for C&C communication, all deployed against a small group of especially interesting, repeatedly victimized targets in Israel. welivesecurity.com/en/eset-resear… Zuzana Hromcova 1/7