#ics

OTX Bot<p>Applications of Snake Keylogger in Geopolitics: Abuse of Trusted Java Utilities in Cybercriminal Activities</p><p>A new phishing campaign using Snake Keylogger, a Russian-origin stealer, has been discovered targeting various victims including corporations, governments, and individuals. The campaign uses spear-phishing emails offering petroleum products, with malicious attachments exploiting the legitimate jsadebugd.exe binary through DLL sideloading to load Snake Keylogger. The attackers are leveraging current geopolitical tensions in the Middle East to expand their reach. The malware steals credentials from browsers and applications, collects system information, and exfiltrates data via SMTP. This campaign marks the first observed malicious use of jsadebugd.exe, indicating evolving tactics to evade detection.</p><p>Pulse ID: 686a64122fafa4b925fb6300<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/686a64122fafa4b925fb6300" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/686a6</span><span class="invisible">4122fafa4b925fb6300</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-06 11:54:58</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Browser</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/KeyLogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeyLogger</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/MiddleEast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MiddleEast</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rust</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Marcus Rohrmoser 🌻<p>Hello <a href="https://digitalcourage.social/tags/lazyweb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lazyweb</span></a>: how to convert <a href="https://digitalcourage.social/tags/microformat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microformat</span></a> events into <a href="https://digitalcourage.social/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a>?</p><p>e.g. <a href="https://pin13.net/mf2/?url=https%3A%2F%2FUnix-Freunde.mro.name%2F" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pin13.net/mf2/?url=https%3A%2F</span><span class="invisible">%2FUnix-Freunde.mro.name%2F</span></a></p><p>Update: I'll go with <a href="http://h2vx.com/ics/Unix-Freunde.mro.name" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">h2vx.com/ics/Unix-Freunde.mro.</span><span class="invisible">name</span></a> digesting v1 microformats.</p>
OTX Bot<p>Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware</p><p>APT36, a Pakistan-based cyber espionage group, is actively targeting Indian defense personnel through sophisticated phishing campaigns. The group disseminates emails with malicious PDF attachments resembling official government documents. When opened, these PDFs display a blurred background and a button mimicking the National Informatics Centre login interface. Clicking the button redirects users to a fraudulent URL and initiates the download of a ZIP archive containing a malicious executable disguised as a legitimate application. This campaign highlights APT36's focus on credential theft and long-term infiltration of Indian defense networks, emphasizing the need for robust email security, user awareness programs, and proactive threat detection systems.</p><p>Pulse ID: 6856c6ec76846d013ef77cc6<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6856c6ec76846d013ef77cc6" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6856c</span><span class="invisible">6ec76846d013ef77cc6</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-21 14:51:24</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/India" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>India</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PDF</span></a> <a href="https://social.raytec.co/tags/Pakistan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pakistan</span></a> <a 
href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZIP</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Whispering in the dark</p><p>ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Kurdistan Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.</p><p>Pulse ID: 684874c7cbe4dbef4d0ff749<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/684874c7cbe4dbef4d0ff749" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68487</span><span class="invisible">4c7cbe4dbef4d0ff749</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-10 18:09:11</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyberespionage</span></a> <a href="https://social.raytec.co/tags/ESET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ESET</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Iran" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Iran</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OilRig" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OilRig</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Telecom" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Telecom</span></a> <a href="https://social.raytec.co/tags/Telecommunication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecommunication</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
SleepyCatten<p>Hey folks :TransHeart: </p><p>So, we're going to try to keep this post shortish for our own wellbeing and sanity, as well as yours.</p><p>We will, however, frontload some abbreviations and links:</p><ul><li>EOEGS - <a href="https://ncth.nhs.uk/east-of-england-service/" rel="nofollow noopener noreferrer" target="_blank">East of England Gender Service</a></li><li><a href="https://transactual.org.uk/medical-transition/gender-dysphoria-clinics/" rel="nofollow noopener noreferrer" target="_blank">Gender Clinics</a><ul><li>Aka GIC (Gender Identity Clinic) or, solely by the NHS, Gender Dysphoria Clinic (GDC)</li></ul></li><li>IFR - <a href="https://www.england.nhs.uk/contact-us/privacy-notice/how-we-use-your-information/our-services/individual-requests-for-funding/" rel="nofollow noopener noreferrer" target="_blank">Individual Funding Request</a></li><li>ICB / ICS - <a href="https://www.nhs.uk/nhs-services/find-your-local-integrated-care-board/" rel="nofollow noopener noreferrer" target="_blank">Integrated Care Board</a> / System</li><li>GDNRSS - <a href="https://ncth.nhs.uk/gdnrss/" rel="nofollow noopener noreferrer" target="_blank">NHS Gender Dysphoria National Referral Support Services</a></li><li>GAHT - Gender-Affirming Hormone Therapy</li><li>FFS - Facial Feminisation Surgery</li><li>VFS - Voice Feminisation Surgery</li><li>GP - General Practitioner</li><li>PALS - <a href="https://www.nhs.uk/nhs-services/hospitals/what-is-pals-patient-advice-and-liaison-service/" rel="nofollow noopener noreferrer" target="_blank">Patient Advice and Liaison Service</a></li><li>PHSO - Parliamentary and Health Service Ombudsman </li></ul><p>We have already written up about some of our early experience of trying to get gender-affirming care from the NHS in an <a href="https://transactual.org.uk/blog/2023/10/21/i-have-no-gender-affirming-care-and-i-must-scream/" rel="nofollow noopener noreferrer" target="_blank">article for TransActual</a>, but that was published back in 
October 2023, so it's more than a little outdated now 😅</p><p>Back in August 2023, we knew it was possible to request funding for gender-affirming surgeries not routinely covered by the NHS via IFRs. These are submitted to your local ICB, who will likely refuse funding unless you've made a really good funding case.</p><p>(It's worth noting here that such gender-affirming surgeries are recommended by WPATH's <a href="https://www.tandfonline.com/doi/pdf/10.1080/26895269.2022.2100644" rel="nofollow noopener noreferrer" target="_blank">SOC8</a>: the NHS just disagrees and refuses to follow the international recommendations.)</p><p>Nonetheless, we mostly just wanted the chance to put our case forward for VFS. A standalone bilateral orchidectomy and FFS were there, but as lower priorities, since it was our voice causing us the most issues.</p><p>(We won't list all of our voice dysphoria issues here, but basically we've been doing voice feminisation training since December 2021 and we're nowhere near even the lowest-end voice goals. Our voice leads to us getting regularly misgendered both on the phone and even in person 😞 We've done our genuine best for years and VFS is very much our last resort.)</p><p>We are going to give selective details of what's happened since, but we'll first cut to key points: the EOEGS (our gender clinic) has been refusing to comply with their responsibilities for approaching <strong>2 YEARS</strong> and no-one within the NHS will hold them to account.</p><p>First they denied responsibility for IFRs and tried to say it was our GP's responsibility. So, we went to our local ICB to ask them and got given the details for the NHS England IFR team, who told us -- in no uncertain terms -- that it was the responsibility of the EOEGS to submit these for us. That was back in very early 2024.</p><p>We forwarded this to the EOEGS, and then followed it up with them at our 3rd appointment (Q1 2024). 
They still denied responsibility, so we forwarded on the proof again. And waited. 3 months later (Q2 2024), we chased... and waited again.</p><p>Near the end of Q3 2024, the EOEGS <strong>finally</strong> wrote up the notes from the 3rd appointment (~6 months ago), and mailed them to us and our GP in the post (no digital copy or email)... with multiple factual errors :Sighing_Face: 🤦‍♀️</p><p>So, we scanned the letter, turned it into a PDF, then highlighted and corrected <strong>all</strong> the errors. We then politely emailed it across to the EOEGS, CCing in our GP, along with a clear restatement of outstanding issues and requests.</p><p>As the quarter ended, we got an offer of a 4th appointment (more surgical referral gatekeeping nonsense) next quarter. Then silence, yet again.</p><p>Q4 2024 came around. The EOEGS claimed that the IFR issue was still with its "service lead". We raised it at the 4th appointment. No answers. Only further promises to look into it and get back to us.</p><p>As 2024 ended, we went back to the NHS England IFR team. They confirmed once again that our gender clinic was shirking their responsibility over IFRs. So, we chased the EOEGS for the last time that year. No response ever came.</p><p>As we moved into 2025, we reached out to GDNRSS to ask for guidance and help. They responded quickly, but advised that the only thing we could do was to raise a complaint with PALS.</p><p>So, that's what we did, CCing in the EOEGS, and made it very clear that this was only being done as a matter of last resort.</p><p>By now, as you can imagine, we weren't expecting anything great. However, we hadn't been mentally prepared for the combination of incompetence, lack of reading comprehension, and institutional malice that followed.</p><p>They'd send us a complaint response that didn't show any understanding of our complaint. We'd go back and clarify the issues again, and suggest a call to discuss it. 
They'd investigate more, say that they'd pass along our request for a call, delay the response, and then send another one which again failed to address the core issues.</p><p>By Q2 2025, we reached the point where they refused to take the complaint forward any further, and just directed us to the PHSO, which is very much biased towards whatever the current government wants.</p><p>In other words, we'd run out of options to hold the EOEGS accountable 😞</p><p>NGL: in combination with multiple other factors, this kind of broke us, and we simply had none of the time, energy, spoons, or motivation to follow up any further.</p><p>After a few weeks, however, we decided on 2 last-ditch options available to us:</p><ol><li>Raise a <a href="https://gdpr-info.eu/art-15-gdpr/" rel="nofollow noopener noreferrer" target="_blank">DSAR (Data Subject Access Request)</a> under GDPR to request a copy of any and all communications mentioning us (directly or indirectly) and our requests by all organisations and individuals involved.</li><li>Reach out to the senior partner at our GP surgery, via the practice manager, to ask if they'd consider submitting an IFR for us for at least VFS.</li></ol><p>On the 1st point, the ticking clock for that started just a few days ago. Officially they have 1 calendar month to comply, but can request up to 3 calendar months if the request is deemed complex. We are under no obligation to agree to this as the data subject.</p><p>On the 2nd point, the senior partner had a call with us over the issues, then asked whether we could compile all the info on everything for him. 
We said it would be difficult for us, but agreed, so he booked a follow-up appointment for us on 2025-06-09 (yesterday).</p><p>NGL: going through all the emails and documents again, then summarising them into a chronological sequence of events, was very, very difficult for many reasons, but primarily because it meant going back through everything and reliving the cumulative trauma of it :PleadingFace: </p><p>Nonetheless, we finished compiling it all just a couple of hours before the appointment. A "summary" document that spanned 4 sides of A4 and all the relevant "receipts" (digital documents like emails and PDFs), covering from August 2023 to June 2025.</p><p>Whilst the senior partner said it will take him time to go through it all, the key thing is that he agreed to submit the IFR for us.</p><p>It honestly made us teary just to have someone actually care enough to truly listen and be willing to discuss it with us :FaceHoldingBackTears: </p><p>Of course, this is just the beginning of another long, drawn-out process. It's likely going to take at least several weeks until we even get to the stage of working together to put together the best case possible, let alone getting the IFR submitted. It could even be months.</p><p>Even when it's submitted, it'll then be up to our local ICB to review the submission, and they will almost certainly find a reason or reasons to deny the application.</p><p>We're still not expecting this to succeed. 
We just wanted to have the chance to have at least one request submitted and reviewed.</p><p>The EOEGS and other NHS departments spent a level of magnitude more time, energy, and resources denying us the <strong>right</strong> to even consider submitting IFRs for us because, we suspect, they didn't want to set a precedent of trans patients in England utilising their rights.</p><p>Or maybe just because they didn't want to comply.</p><p>Whatever happens with the eventual IFR submission, at least we'll have tried every way we can think of to get the NHS to fund a basic gender-affirming surgery that would massively improve our daily quality of life.</p><p>If by some miracle the IFR is approved, it'll give us and maybe others a small glimmer of hope.</p><p>But realistically-speaking, at least then we can create a fundraiser for VFS with a clear conscience that we tried everything else we could first 🥺</p><p>If you got this far, thank you for reading this :TransHeart: Feel free to boost it, if you want others to read it too :BoostsOKPrideSymbol: </p><p><a href="https://cultofshiv.wtf/tags/trans" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trans</span></a> <a href="https://cultofshiv.wtf/tags/transgender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transgender</span></a> <a href="https://cultofshiv.wtf/tags/VoiceTraining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceTraining</span></a> <a href="https://cultofshiv.wtf/tags/VoiceFeminisation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceFeminisation</span></a> <a href="https://cultofshiv.wtf/tags/VoiceFeminisationSurgery" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceFeminisationSurgery</span></a> <a href="https://cultofshiv.wtf/tags/VFS" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>VFS</span></a> <a href="https://cultofshiv.wtf/tags/VoiceDysphoria" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VoiceDysphoria</span></a> <a href="https://cultofshiv.wtf/tags/NHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHS</span></a> <a href="https://cultofshiv.wtf/tags/NHSEngland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHSEngland</span></a> <a href="https://cultofshiv.wtf/tags/EOEGS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EOEGS</span></a> <a href="https://cultofshiv.wtf/tags/PALS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PALS</span></a> <a href="https://cultofshiv.wtf/tags/IFR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IFR</span></a> <a href="https://cultofshiv.wtf/tags/ICB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICB</span></a> <a href="https://cultofshiv.wtf/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://cultofshiv.wtf/tags/GDNRSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDNRSS</span></a> <a href="https://cultofshiv.wtf/tags/GAHT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GAHT</span></a> <a href="https://cultofshiv.wtf/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> <a href="https://cultofshiv.wtf/tags/DSAR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DSAR</span></a> <a href="https://cultofshiv.wtf/tags/TransRights" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TransRights</span></a> <a href="https://cultofshiv.wtf/tags/TransRightsAreHumanRights" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TransRightsAreHumanRights</span></a> <a href="https://cultofshiv.wtf/tags/LGBTQ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LGBTQ</span></a>+ <a href="https://cultofshiv.wtf/tags/LGBTQIA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LGBTQIA</span></a>+ <a href="https://cultofshiv.wtf/tags/queer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>queer</span></a> <a href="https://cultofshiv.wtf/tags/GenderAffirmingCare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GenderAffirmingCare</span></a></p>
OTX Bot<p>APT 41: Threat Intelligence Report and Malware Analysis</p><p>APT41, a sophisticated Chinese state-sponsored threat actor, blends cyber espionage with cybercrime tactics. They target various sectors globally, including healthcare, telecom, and government entities. Recently, APT41 was observed using Google Calendar for malware command-and-control on a Taiwanese government website. Their attack chain involves spear-phishing emails, malicious ZIP archives, and a three-module malware system called ToughProgress. This malware uses stealthy techniques like in-memory execution, encryption, and process hollowing to evade detection. The unique aspect of ToughProgress is its use of Google Calendar events for covert data exchange, creating a stealthy communication channel for remote command execution and data exfiltration.</p><p>Pulse ID: 68480e89dbe1f2bc0746a80c<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68480e89dbe1f2bc0746a80c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68480</span><span class="invisible">e89dbe1f2bc0746a80c</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-10 10:52:57</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/Healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Healthcare</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a 
href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteCommandExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemoteCommandExecution</span></a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/Telecom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecom</span></a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZIP</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>BladedFeline: Whispering in the dark</p><p>ESET researchers have uncovered a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has been targeting Kurdish and Iraqi government officials since at least 2017, using various malicious tools including reverse tunnels, backdoors, and a malicious IIS module. Key malware includes the Whisper backdoor, which communicates via compromised email accounts, and PrimeCache, a malicious IIS module with similarities to OilRig's RDAT backdoor. The campaign also targeted a telecommunications provider in Uzbekistan. BladedFeline's sophisticated tactics and tools indicate a focus on maintaining strategic access to high-ranking officials for espionage purposes.</p><p>Pulse ID: 6842cae058bebf5552345481<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6842cae058bebf5552345481" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6842c</span><span class="invisible">ae058bebf5552345481</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-06 11:02:56</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyberespionage</span></a> <a href="https://social.raytec.co/tags/ESET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ESET</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Iran" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Iran</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OilRig" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OilRig</span></a> <a 
href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Telecom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecom</span></a> <a href="https://social.raytec.co/tags/Telecommunication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecommunication</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Bill<p>Gotta admit, 35,000 solar panels would make a baaaaadass botnet.</p><p><a href="https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/35000-solar-p</span><span class="invisible">ower-systems-exposed-to-internet/</span></a></p><p><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a></p>
🏳️‍🌈Trentskunk🏳️‍🌈:unverified:<p>Hey smart people, I'm currently working on continuing my degoogling (as much as possible)...My current calendar/todo app syncs with Google Calendar and I'd like to find an alternative that supports local ICS files so I can export stuff from emacs org. Anybody done similar and if so, with what?</p><p><a href="https://mstdn.social/tags/emacs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>emacs</span></a> <br><a href="https://mstdn.social/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <br><a href="https://mstdn.social/tags/calendar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>calendar</span></a> <br><a href="https://mstdn.social/tags/DeGoogle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeGoogle</span></a></p>
Hans Zelf 🇪🇺🌻<p>Seriously, <a href="https://mas.to/tags/ANWB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANWB</span></a> <a href="https://mas.to/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a>? Changing a payment account by printing out a form and filling it in?<br>Welcome to 2025...</p>
OTX Bot<p>Mark Your Calendar: APT41 Innovative Tactics</p><p>In late October 2024, a government website was discovered hosting malware targeting multiple government entities. The malware, dubbed TOUGHPROGRESS, utilized Google Calendar for command and control. Attributed to APT41, a PRC-based actor, the campaign targeted global organizations in various sectors. The malware infection chain involved three modules: PLUSDROP, PLUSINJECT, and TOUGHPROGRESS, employing stealth and evasion techniques. TOUGHPROGRESS used encrypted Calendar events for communication. Google Threat Intelligence Group disrupted the campaign by developing custom fingerprints, terminating attacker-controlled infrastructure, and updating Safe Browsing. APT41 has been observed using free web hosting tools and URL shorteners for malware distribution since August 2024. The blog post provides indicators of compromise and YARA rules to aid in detection and defense against similar attacks.</p><p>Pulse ID: 68377205c4ac88a8a30ee232<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68377205c4ac88a8a30ee232" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68377</span><span class="invisible">205c4ac88a8a30ee232</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-28 20:28:52</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PRC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRC</span></a> <a href="https://social.raytec.co/tags/Troll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Troll</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Mark Your Calendar: APT41 Innovative Tactics</p><p>In late October 2024, a government website was discovered hosting malware targeting multiple government entities. The malware, dubbed TOUGHPROGRESS, utilized Google Calendar for command and control. Attributed to APT41, a PRC-based actor, the campaign targeted global organizations in various sectors. The malware infection chain involved three modules: PLUSDROP, PLUSINJECT, and TOUGHPROGRESS, employing stealth and evasion techniques. TOUGHPROGRESS used encrypted Calendar events for communication. Google Threat Intelligence Group disrupted the campaign by developing custom fingerprints, terminating attacker-controlled infrastructure, and updating Safe Browsing. APT41 has been observed using free web hosting tools and URL shorteners for malware distribution since August 2024. The blog post provides indicators of compromise and YARA rules to aid in detection and defense against similar attacks.</p><p>Pulse ID: 683772062a024a03b3ed3e6c<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/683772062a024a03b3ed3e6c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68377</span><span class="invisible">2062a024a03b3ed3e6c</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-28 20:28:53</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PRC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PRC</span></a> <a href="https://social.raytec.co/tags/Troll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Troll</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>New Russia-affiliated actor Void Blizzard targets critical sectors for espionage</p><p>Void Blizzard, a newly identified Russia-affiliated threat actor, has been conducting global cyberespionage operations since April 2024. Their primary targets are organizations in critical sectors, particularly in NATO member states and Ukraine, including government, defense, transportation, media, NGOs, and healthcare. The group employs tactics such as using stolen credentials, likely obtained from commodity infostealer ecosystems, and recently evolved to include targeted spear phishing for credential theft. Despite using unsophisticated techniques, Void Blizzard has been effective in gaining access and collecting large volumes of emails and files from compromised organizations. Their activities pose a significant risk to NATO member states and allies of Ukraine.</p><p>Pulse ID: 6835955789329a0d9f2f521c<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6835955789329a0d9f2f521c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68359</span><span class="invisible">55789329a0d9f2f521c</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-27 10:35:03</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyberespionage</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/Healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Healthcare</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/InfoStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoStealer</span></a> <a href="https://social.raytec.co/tags/NATO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NATO</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/SpearPhishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpearPhishing</span></a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> <a href="https://social.raytec.co/tags/Ukr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukr</span></a> <a href="https://social.raytec.co/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukraine</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Custom Arsenal Developed to Target Multiple Industries</p><p>Earth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. They have developed custom tools like PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time, initially focusing on financial services, then logistics and online retail, and recently IT companies, universities, and government organizations. The group employs various techniques including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape.</p><p>Pulse ID: 68359559953d95d9c98f6268<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68359559953d95d9c98f6268" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68359</span><span class="invisible">559953d95d9c98f6268</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-27 10:35:05</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Asia</span></a> <a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/Brazil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Brazil</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/India" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>India</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/SQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQL</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a 
href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Geriatric Gardener<p>“Investors suing NHS-embedded UnitedHealth for authorising TOO MUCH treatment”</p><p>by Skwawkbox <span class="h-card" translate="no"><a href="https://mastodon.social/@skwawkbox" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>skwawkbox</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.cloud/@UKLabour" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>UKLabour</span></a></span> </p><p>“Health insurer that says its role is to avoid healthcare spending and paid nursing homes not to send old people to hospital relaxed refusals policy slightly after CEO shot in street”</p><p><a href="https://skwawkbox.org/2025/05/23/investors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">skwawkbox.org/2025/05/23/inves</span><span class="invisible">tors-suing-nhs-embedded-unitedhealth-for-authorising-too-much-treatment/</span></a></p><p><a href="https://mstdn.social/tags/Press" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Press</span></a> <a href="https://mstdn.social/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> <a href="https://mstdn.social/tags/NHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHS</span></a> <a href="https://mstdn.social/tags/UnitedHealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnitedHealth</span></a> <a href="https://mstdn.social/tags/Insurance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Insurance</span></a> <a href="https://mstdn.social/tags/Treatment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Treatment</span></a> <a 
href="https://mstdn.social/tags/Refusal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Refusal</span></a> <a href="https://mstdn.social/tags/Denial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Denial</span></a> <a href="https://mstdn.social/tags/UHG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UHG</span></a> <a href="https://mstdn.social/tags/OptumRX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OptumRX</span></a> <a href="https://mstdn.social/tags/Labour" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Labour</span></a> <a href="https://mstdn.social/tags/Streeting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Streeting</span></a> <a href="https://mstdn.social/tags/Starmer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Starmer</span></a> <a href="https://mstdn.social/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a></p>
OTX Bot<p>Targets Tajikistan: New Macro Word Documents Phishing Tactics</p><p>From January to February 2025, a phishing campaign targeting Tajikistan was detected and attributed to TAG-110, a Russia-aligned threat actor. The campaign used Tajikistan government-themed documents as lures, shifting from previous tactics to macro-enabled Word template files for initial payload delivery. This change in approach demonstrates TAG-110's evolving tactics. The group's persistent targeting of Tajik government, educational, and research institutions aligns with Russia's strategy to maintain influence in Central Asia. The campaign likely aims to gather intelligence for influencing regional politics or security, particularly during sensitive events like elections or geopolitical tensions.</p><p>Pulse ID: 682f9d0236a68becaaf72d79<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/682f9d0236a68becaaf72d79" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/682f9</span><span class="invisible">d0236a68becaaf72d79</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-22 21:54:10</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Asia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Asia</span></a> <a href="https://social.raytec.co/tags/CentralAsia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CentralAsia</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Education</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a 
href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
BSides Boulder<p>⚡ Attackers are more regularly targeting industrial control systems (ICS) on Operational Technology (OT), which has led to devastating real-world consequences 😵 </p><p>Trace attack paths in ICS with Gilberto "Gil" Garcia's <a href="https://infosec.exchange/tags/BSidesBoulder25" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSidesBoulder25</span></a> talk "Attack Path Modeling for Securing ICS/OT Systems"! Attendees will learn how to visualize adversary movements, focus on crown jewels, and turn free tools and threat intel into actionable defense strategies through understanding attacker workflows. <br>Garcia's session will also delve into frameworks, modeling techniques, and the integration of intelligence-driven security measures to strengthen ICS/OT resilience - because in critical infrastructure, guesswork isn’t a good option! 🛠️🔌 <a href="https://infosec.exchange/tags/BSides" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSides</span></a> <a href="https://infosec.exchange/tags/BSidesBoulder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSidesBoulder</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/OTSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTSecurity</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatModeling</span></a></p><p>Tickets are available for purchase for our 13 June event here: <a href="https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389" rel="nofollow 
noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eventbrite.com/e/bsides-boulde</span><span class="invisible">r-2025-registration-1290129274389</span></a></p>
scy<p>Do you have a nice source for school holiday and public holiday calendars (feeds) in iCal format? I'd like</p><p>• all nationwide and regional public holidays for Germany, including the info (in the description text) on which federal states the day is a statutory public holiday in (one feed with everything)<br>• school holidays for individual federal states (one feed per state)</p><p>One-off downloads are okay, feed URLs would almost be better.</p><p><a href="https://chaos.social/tags/iCal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iCal</span></a> <a href="https://chaos.social/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://chaos.social/tags/Kalender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kalender</span></a> <a href="https://chaos.social/tags/KalenderFeed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KalenderFeed</span></a> <a href="https://chaos.social/tags/Feiertag" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Feiertag</span></a> <a href="https://chaos.social/tags/Feiertage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Feiertage</span></a> <a href="https://chaos.social/tags/Schulferien" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Schulferien</span></a> <a href="https://chaos.social/tags/Ferien" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ferien</span></a></p>
Bill<p>Geez, TWENTY-TWO ICS advisories from CISA today? Is that as awful as it sounds?</p><p><a href="https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/news-events/alerts/20</span><span class="invisible">25/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories</span></a></p><p><a href="https://infosec.exchange/tags/ics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ics</span></a> <a href="https://infosec.exchange/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cisa</span></a></p>
OTX Bot<p>TA406 Pivots to the Front</p><p>In February 2025, TA406, a North Korean state-sponsored actor, began targeting Ukrainian government entities with phishing campaigns aimed at gathering intelligence on the Russian invasion. The group utilized freemail senders impersonating think tank members to deliver both credential harvesting attempts and malware. Their tactics included using HTML and CHM files with embedded PowerShell for malware deployment, as well as fake Microsoft security alerts for credential theft. The malware conducted extensive reconnaissance on target hosts, gathering system information and checking for anti-virus tools. TA406's focus appears to be on collecting strategic, political intelligence to assess the ongoing conflict and potential risks to North Korean forces in the region.</p><p>Pulse ID: 6823b32f1fad0a568539c4c1<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6823b32f1fad0a568539c4c1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6823b</span><span class="invisible">32f1fad0a568539c4c1</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-13 21:01:35</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CredentialHarvesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CredentialHarvesting</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTML</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PowerShell</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> <a href="https://social.raytec.co/tags/Ukr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukr</span></a> <a href="https://social.raytec.co/tags/Ukrainian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukrainian</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>