Nick Attfield

36 posts

@AttfieldNick

Threat Research. Views/opinions are my own.

Joined October 2019
210 Following, 109 Followers

Nick Attfield retweeted
Greg Lesnewich (@greglesnewich):
Fun crossover blog about TA829 (RomCom) & TransferLoader with my ecrime pals it’s got everything: 🛰️ Popped routers for sending phish 📊 ACH on attribution 👾 custom protocols 👽 cool malware 🕵️ crime 🎯 espionage ❔many unanswered questions proofpoint.com/us/blog/threat…

Nick Attfield retweeted
Pasquale Stirparo 🌻🇺🇦:
And we are back 😎 , #SaveTheDate folks, we are counting on blowing your mind (again) with a great event filled with top-notch content at #PIVOTcon25. #CTI #ThreatIntel #Malware #Geopolitics #ThreatHunting #Cybercrime
PIVOTcon (@pivot_con):
#SaveTheDate 🚨🚨🚨#PIVOTcon25 is coming: 7-9 May 2025 👀👀👀 Book your calendars to sit with us on the #yellowsofa and listen to the top threat intelligence research and analytical pivots 💪 #CTI #ThreatIntel New venue ⬇️ 🇪🇸 🏖️ 1/3


Nick Attfield (@AttfieldNick):
Stoked to announce that I’ll be joining the APT crew at Proofpoint as a researcher! Time to ruin some ops 💪🏼

Nick Attfield (@AttfieldNick):
@greglesnewich Been looking forward to this for a long time! What a crew to join, getting to learn from and work with some of the best 💪🏼 Time to run it up 😮‍💨🙏🏻

Greg Lesnewich (@greglesnewich):
But now the cavalry arrives on Monday and we are so so so stoked 🎉💪 We’ve got a list of adversaries whose R&D we gotta waste, budgets we’ve gotta run up tabs on, and ops to ruin Can’t wait to get after it with this crew 😤

Greg Lesnewich (@greglesnewich):
Proud story thread time 😊 For a little over a year, our APT team has been reduced to 2 researchers working to track and disrupt espionage campaigns. Folks move on and we still ❤️ them. But it was hard

Steve YARA Synapse Miller (@stvemillertime):
Big companies have lots of talented people, each with their own ideas about the right things to do, best paths forward, top strategies for this or that. It must be tough to decide who to trust, which ideas to bet on, when to dump old things and where to embrace new hotness.

Nick Attfield retweeted
J. A. Guerrero-Saade (@juanandres_gs):
This was the most important tough love keynote CTI has needed to hear and desperately needs to digest, otherwise “…reorgs will continue until perception of value improves” (h/t @invisig0th) #PIVOTcon24 #TheFanciestBear

Nick Attfield (@AttfieldNick):
Officially looking for work in the CTI space. Happy to have a chat about roles! I’ve been a power user of Synapse from @vtxproject for over a year in an enterprise setting as well.

Nick Attfield retweeted
Brian Bartholomew (@Mao_Ware):
Officially on the job market today. Anyone looking for an old TI guy with a "smidge" of years under his belt, let me know. Happy to have a chat.

Nick Attfield retweeted
Jamie Collier (@TheCollierJam):
The #VulkanFiles highlights the inadequacy of most Western conceptual frameworks for capturing how states approach cyber operations. A 🧵...

Nick Attfield retweeted
Danis Jiang (@danis_jiang):
Here is my demo of the VM escape exploit on the latest version of VMware Fusion along with ESXi and Workstation. It was used to participate in GeekPwn 2022 and won the championship.

Steve YARA Synapse Miller (@stvemillertime):
[ 542,663 edits on 108,175 nodes ] Not bad, for a minute's worth of work.

Nick Attfield retweeted
Danny Kemp (@dannyctkemp):
BREAKING - Dutch intelligence services say they prevented a Russian spy from accessing the International Criminal Court in the Hague as an intern. The man was working under a Brazilian identity but actually belonged to the GRU - @AFP

Nick Attfield retweeted
Kevin Kohler (@KevinKohlerFM):
Here’s an overview of what has happened on the cyber front so far in Ukraine 🧵

Nick Attfield retweeted
cyint_dude @cyint_dude@infosec.exchange:
#threatintel 🧵: In scenarios where cyber threat activity that is relevant to your org overlaps with geo-political tensions, it is important to clearly distinguish the parts of your assessment that are uniquely yours, and those you derive from other sources (1/x)

Nick Attfield retweeted
Loránd Bodó (@LorandBodo):
There are several Twitter search operators one can use, such as these two: 1. within_time:3h 2. filter:news e.g. "Merkel" within_time:3h filter:news -> will give you Tweets with "Merkel" from the last 3 hours & a link to a news article. Give it a try. #OSINT #research #news

Nick Attfield retweeted
Shane Huntley (@ShaneHuntley):
New TAG post on Countering Threats from Iran blog.google/threat-analysi… Aim is to provide some new details on what Ajax and the team discovered and blocked from APT35 (also known as Rocket Kitten and some other names)