Key findings: The detection of 18 samples of Acreed, an infostealer that is gaining traction among cybercriminals. The mechanism of C2 domain retrieval, which uses the BNB Smartchain Testnet and the Steam platform as dead drop resolvers. Three C2 domains used by the...
Key findings: Between June and July 2025, Ukraine-based autonomous system FDN3 (AS211736), allocated by the entity FOP Dmytro Nedilskyi, was used to launch multiple hundreds of thousands of brute-force and password-spraying attacks against SSL VPN and RDP devices, over...
Key findings: We found a new heuristic that lets us keep tracking the attack infrastructure of the infamous ShadowSyndicate, known to leverage a wide range of top-tier ransomware-as-a-service offerings. ShadowSyndicate used the same Secure Shell (SSH) fingerprint on many servers...
Key findings: Information on WHOIS records of cracking websites used to deliver stealer malware, which have impacted some of our clients. Inside the records, various email addresses link to the real identities of Pakistani freelancers specialised in web development and advertising....
Key findings: By analysing the networks that hit our honeypots the most, we found two autonomous systems, Skynet Network Ltd (AS214295) and Inside Network LTD (AS215476), which we assess with a high level of confidence to be operated by the bulletproof hosting provider...
Key findings: Pivots on infrastructure associated with a Python backdoor used by RansomHub, as exposed by GuidePoint Security. These pivots enabled us to discover closely related infrastructure linked to the offensive tool Eye Pyramid. Explanations on the open-source...