Kse Proso

260 posts

Kse Proso

@KseProso

#APT groups analyst #ThreatIntel researcher @GroupIB @GroupIB_TI Opinions are my own.

Beigetreten Nisan 2015

94 Folgt1.4K Follower

Kse Proso retweetet

Group-IB Global@GroupIB·12 Şub

🎉 Our High-Tech Crime Trends 2026 Report is here! Supply chain attacks have become the dominant force reshaping the global cyber threat landscape. Group-IB's High-Tech Crime Trends Report 2026 reveals a decisive shift in cybercrime away from isolated intrusions toward ecosystem-wide compromise. Attackers are now exploiting trusted vendors, open-source software, SaaS platforms, and managed service providers to gain inherited access to hundreds of downstream organizations. Key findings: 🔹 Open-source ecosystems under siege npm and PyPI targeted with stolen credentials and automated malware worms 🔹 Malicious browser extensions weaponized to harvest credentials and hijack sessions 🔹 AI-powered phishing campaigns bypassing MFA through OAuth workflows 🔹 Data breaches triggering multi-tenant, cascading downstream impact 🔹 Industrialized ransomware supply chains coordinating upstream access "Cybercrime is no longer defined by single breaches. It is defined by cascading failures of trust," said Dmitry Volkov, CEO of Group-IB. Powered by intelligence from our Digital Crime Resistance Centers across 11 countries and adversary-centric telemetry, this report provides actionable insights for enterprises, governments, and law enforcement. 📥 Download the High-Tech Crime Trends Report 2026 to understand how supply chain compromises unfold and how to disrupt attack chains before damage occurs: link.group-ib.com/3Zxl8lr 🔗 Read the full press release: link.group-ib.com/4kt2Kno #CyberSecurity #SupplyChainAttack #InfoSec #ThreatIntelligence #Ransomware #Phishing #HTCT2026

English

690

Kse Proso@KseProso·21 Kas

I with my colleagues from @GroupIB_TI and @GroupIB_DFIR uncover how #UNC2891 is blending stealthy malware, physical infiltration, and money #mule ops to pull off high-impact bank attacks in Southeast Asia. 📌 Key findings: • Undetected access since 2017 • Rootkits, log wipers, and "magical password" backdoors • Raspberry Pi planted inside a bank’s ATM switch • DNS tunneling + OpenVPN for lateral movement • Money mules recruited via Google ads & guided via TeamViewer 🔖Full report: group-ib.com/landing/unc289… #ThreatIntel #CyberCrime #ATM #GroupIB #FinancialThreats

English

2.5K

Kse Proso retweetet

Group-IB Global@GroupIB·31 Eki

Can one email put billions of weekly downloads at risk? Yes, it can. That’s how one of the most significant NPM #supplychain incidents to date began. A single #Phishing message disguised as an #NPM security update gave attackers access to a trusted developer account and spread malicious code through 20 popular packages. In the first post of our new email protection series, Group-IB experts explain how #BusinessEmailProtection could have detected and stopped the message before it ever reached the inbox. Read the full story: link.group-ib.com/4hAb6s1

English

836

Kse Proso@KseProso·3 Tem

@RedDrip7 Hey, Thanks for sharing! Is there any chance to hear full speech/blog/presentation? Thanks!

English

RedDrip Team@RedDrip7·3 Tem

At the recently held CYDES 2025, we disclosed #APT group #NightEagle (APT-Q-95). This threat group has been targeting high-tech industries for a long time, including chip semiconductors, AI/GPT and other fields. Actors used an unknown Exchange exploit chain. PPT: #IOCs #APT

English

29K

Kse Proso@KseProso·28 Oca

#Lynx #RaaS: A Ruthless Cybercrime Machine 💀 All-in-One Panel – Manage victims, #ransomware builds & leaks 🖥️ Cross-Platform – Windows, Linux, ESXi 💰 Double Extortion – 80% payout + leak site for max pressure 🔐 Custom Encryption – Speed vs. depth, affiliates choose ...more👇

Group-IB Threat Intelligence@GroupIB_TI

Group-IB’s Threat Intelligence team has investigated the work of the #Lynx #Ransomware group, unveiling multi-architecture builds (Windows, Linux, ESXi). Their affiliate panel centralizes attack orchestration and data-leak scheduling. #RaaS #CyberSecurity

English

454

Kse Proso@KseProso·23 Oca

@cyb3rops Thanks to him for this work. But I'm afraid there is not a full list of addresses, only those who had the "set email-to" parameter, there are also admin emails that are not in this list😶

English

1.6K

Florian Roth ⚡️@cyb3rops·23 Oca

Kevin published the email addresses in the #Fortigate config dump raw.githubusercontent.com/GossiTheDog/Mo…

English

363

111.8K

Kse Proso@KseProso·14 Kas

Group-IB has identified a novel technique not yet included in the #MITRE ATT&CK framework: Code Smuggling using Extended Attributes. We've discovered a new #macOS #trojan, #RustyAttr, developed using the Tauri, originally signed with a leaked certificate (later revoked). #Lazarus

Group-IB Threat Intelligence@GroupIB_TI

#Lazarus has attempted to evade detection on #macOS systems using a new technique - code smuggling using extended attributes

English

600

Kse Proso@KseProso·4 Eyl

#Lazarus is using "FCCCall," to mimic legit video conferencing as part of attack chains. A new Python script suite, and expanded outreach beyond LinkedIn and Telegram have been identified. Tools #BeaverTail and #InvisibleFerret are in active dev with updates from July-Aug 2024.

Group-IB Threat Intelligence@GroupIB_TI

The #Lazarus Group shows no signs of easing with their campaign targeting #jobseekers extending to the present day. Group-IB researchers found new updates to their tools and tactic - new suite of Python scripts - #CivetQ, a #Windows and #Python version of #BeaverTail

English

4.6K

Kse Proso@KseProso·26 Ağu

@Cyberteam008 The domain was previously mentioned here - seqrite.com/blog/pakistani… Hope it will help :)

English

250

Cyber Team@Cyberteam008·26 Ağu

#APT36 Phishing Campaign Amended Copy.rar MD5: c375c9ddee439e9ecb40875affbf7d12 #Crimson #RAT Payloads Activity Analyzer.exe 18f206d146f2bb1fa51363a547d5a3ee C2: 154.216.18[.]90:909 782404d138bf92399e852c3a6ab2840e C2: 154.216.18[.]90:909 & 67 juichangchi[.]online #Malware

English

14K

Kse Proso@KseProso·22 Ağu

@StrikeReadyLabs x.com/GroupIB_TI/sta… related

Group-IB Threat Intelligence@GroupIB_TI

Group-IB researchers noticed a Windows version of #BeaverTail, which was attributed to #Lazarus. We also discovered that the #javascript version of BeaverTail is now being distributed through trojanised games built with ReactJS and distributed as an NPM-based package.

English

160

StrikeReady Labs@StrikeReadyLabs·22 Ağu

FCCCall.dmg, bit of Mac malware, beaconing to 185.235.241[.]208:1224. Color us shocked to see the "STARK INDUSTRIES" ASName. b8e69d6a766b9088d650e850a638d7ab7c9f59f4e24e2bc8eac41c380876b0d8 24b89c77eaeebd4b02c8e8ab6ad3bd7abaa18893ecd469a6a04eda5e374dd305

English

6.6K

Kse Proso@KseProso·25 Tem

We continue to see the activity of the Gigabud, which, without slowing down, already has 70+ commands. The #Gigabud mimics legitimate apps, including government and financial institution apps, and abuses screen capturing and #keylogger techniques to #access credentials and more.

Group-IB Threat Intelligence@GroupIB_TI

Thanks to #ESET for an in-depth overview of activity in the first half of 2024. In our research, we found that impersonations of Ethiopian, South African, Peruvian and Mexican applications are related to #Gigabud. Check out ESET’s post for more details: x.com/ESETresearch/s…

English

474

Kse Proso@KseProso·21 Haz

Group-IB TI uncovered a landing page used for distribution of BMANAGER modular #trojan, created by threat actor #Boolka. This page was a test run for a malware delivery platform based on the #BeEF framework. The analysis reveals the complexity of the #malware ecosystem.👇

Group-IB Global@GroupIB

Discover the latest on #Boolka, a #cyberthreat actor responsible for spreading #malware and stealing data through #webattacks. Learn about Boolka's methods and how we're fighting back. #InfoSec #CyberSecurity Read More : bit.ly/3RDYB2H

English

563

Kse Proso@KseProso·8 May

@ValidinLLC @500mk500 Yeah, I see additionally that this certificate with the CN email.instant-patch[.]online has 3 hosts - 104.168.203[.]161, 104.168.157[.]45 and 104.168.203[.]159. Interesting that there is another certificate, but different ports

English

164

Validin@ValidinLLC·8 May

@500mk500 @KseProso Also: general-meeting[.]team private-meet[.]team Linked by 104.168.203[.]159, which returned a certificate with the CN email.instant-patch[.]online on 2024-04-25

English

182

Kse Proso@KseProso·8 May

The #Lazarus group is still active and creates #fake profiles on LinkedIn and Telegram to attract developers to make calls through malicious sites. Today @MichalKoczwara highlighted the fake NGC Ventures LinkedIn profile. But let's jump deeper to 104.168.157[.]45.

English

10.5K

Kse Proso@KseProso·8 May

Some fraudulent messages and profiles have been uncovered, but #Lazarus will continue to create new profiles and attempt to compromise new victims. Examples of revealed scams: twitter.com/fenbushi/statu… (Fenbushi) twitter.com/0xrooter/statu… (Waterdrip)

R🐽ter@0xrooter

new phishing scam just dropped the scammer impersonates a VC and insists to use a phishing link for the call

English

Kse Proso@KseProso·8 May

#APT group uses famous names: Fenbushi Capital, HashKey Capital, Waterdrip Capital. /fenbushi.regular-meeting.team /fenbushi.private-meet.online /liwoeson.online-meet.team /hashkey.online-meet.team /hashkey.online-meet.xyz /waterdrip.group-meeting.pro /signum.group-meeting.pro

English

978

Kse Proso@KseProso·14 Mar

Rising #Trojan Activity in #APAC: Keep an eye out for #GoldFactory and #Gigabud! These mobile Trojans are increasingly active in the region, posing a significant threat to mobile security.

Group-IB Threat Intelligence@GroupIB_TI

Following Group-IB's #GoldFactory report, it is clear that situation of mobile threats in #APAC persists. Though the report shared mainly on the "Gold-prefixed" trojans, the prevalence of #Gigabud in the region is not to be overlooked. There are increased sightings of Gigabud, especially in #Vietnam since late 2023 till present.

English

486

Kse Proso@KseProso·20 Şub

Often high-profile news about new leaks doesn't bring any reinforcement. You need to approach it with some criticality and check what they have written. Unfortunately, news agencies often don't check data, but that's what we are there for - to filter out and leave only important.

Group-IB Threat Intelligence@GroupIB_TI

🕵️‍♀️ Exposing the #DarkWeb deception. Since October 2022, the #ThreatActor known as "resetmyname" has been falsely advertising "unique customer databases" from numerous #banks on various Dark Web platforms. Regularly announcing "new bank customer databases" from many countries around the world, this activity has garnered significant media attention over time. @GroupIB's thorough analysis of all data samples that "resetmyname" has ever published or provided reveals that, in fact, TA has been selling data all this time from the publicly available database of the #BidenCash cardshop, which the cardshop itself published for promotional purposes back in June 2022. Detailed reports about "resetmyname" and "BidenCash" are available for Group-IB customers.

English

464

Kse Proso retweetet

Group-IB Threat Intelligence@GroupIB_TI·15 Şub

The #GoldDigger family grows: Group-IB's TI Unit finds GoldPickaxe.iOS, the first #iOS #Trojan harvesting #FacialRecognition data for unauthorized bank access, targeting #APAC. It is linked to the GoldDigger family discovered last October. Learn more: bit.ly/3UHDaAq

Group-IB Threat Intelligence tweet media

English

6.1K

Kse Proso@KseProso·6 Şub

Group-IB flags #ResumeLooters hacking spree in APAC since early '23, using #SQL injections & #XSS to pilfer data from 65 sites, affecting users across India, Taiwan, Thailand, and Vietnam. Attacker accounts & data sale ads spotted in Chinese #hacking groups on Telegram.

Group-IB Threat Intelligence@GroupIB_TI

🚨 As promised, here's the full disclosure — Group-IB's TI unit uncovers #ResumeLooters, a malicious group targeting primarily #APAC's employment agencies & #retail firms. Read our blog for their tactics, #IoCs, and how to shield against #SQL injection and #XSS attacks: bit.ly/3SvCefp #Cybersecurity

English

348

Entdecken

@GroupIB_TI @GroupIB_DFIR @RedDrip7 @cyb3rops @Cyberteam008 @StrikeReadyLabs @ValidinLLC @500mk500