Key findings By analysing the networks that hit our honeypots the most, we found two autonomous systems, Skynet Network Ltd (AS214295) and Inside Network LTD (AS215476), that we assess with a high level of confidence to be operated by the bulletproof hosting provider...
Key findings Pivots on infrastructure associated with a Python backdoor used by RansomHub, as exposed by GuidePoint Security. These pivots enabled us to discover infrastructure close to this one, related to the offensive tool Eye Pyramid. Explanations on the open-source...
Key findings This report presents: Russia-aligned intrusion sets UAC-0050 and UAC-0006 actively continue to launch financially motivated and espionage-motivated spam campaigns in both January and February 2025, against worldwide entities, but with a strong focus on Ukraine....
Key findings This report presents: The intrusion set commonly known as Doppelgänger continues to spread disinformation narratives on social media such as X, through bot accounts specifically made for such campaigns. As in its previous campaigns, Doppelgänger pushes...
Main conclusion Spoofers are primarily infrastructure lessors. They develop the tool and then set up paid "slots" for other users. They enjoy a dominant position mainly thanks to the difference in...
Key findings A phishing toolkit that we named “Premium panel”, due to the presence of the sentence “Live Control Panel Premium”. This toolkit is comprised of a panel composed of multiple .php pages and .js scripts that handle victim credentials logging and redirection...
GOin obtains PSAN approval with the support of Intrinsec, a cybersecurity expert, for a complete and rigorous audit. GOin, a pioneering crypto-asset manager, announces that it has obtained the PSAN approval issued by the Autorité des Marchés Financiers (AMF) for...
Key findings CryptBot continues to be deployed mainly from websites offering fake cracked software and “Pay-Per-Install” solutions like PrivateLoader (also known as “InstallsKey” on Telegram) or the now defunct 360Installer. By searching for the Matomo tracking script...
Key findings This report presents: The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost’...
Key findings This report presents: The Regulations on the Management of Network Product Security Vulnerabilities (RMSV), an extension of China’s 2017 Cybersecurity Law, targeting hardware/software companies as well as cybersecurity researchers. The RMSV...