PJ

868 posts

@PJ04857920

CTI | Dark Web | Tech | Telegram | etc. -Usual caveats apply-

Down under · Joined March 2022
348 Following · 141 Followers
PJ retweeted
D4rk_Intel
D4rk_Intel@d4rk_intel·
NEW OSINT CHALLENGE
OPERATION HIDDEN LEDGER
Money launderer convicted → His network? Still active. His replacements? Unknown.
Your Mission:
- GitHub Reconnaissance
- Telegram Intelligence
- Digital Footprint Analysis
- Attribution & Correlation
The hunt begins, Analysts!
PJ
PJ@PJ04857920·
@d4rk_intel mind and DM me??? Regards, PJ
PJ
PJ@PJ04857920·
"Uncommon #OSINT" Utilizing a note taking tool for OSINT gathering medium.com/@farallon/uncommon-osint-obsidian-semantic-meaning-and-nlp-3339e1e51d70
PJ retweeted
FBI Los Angeles
FBI Los Angeles@FBILosAngeles·
Russian General Staff Main Intelligence Directorate (GRU) cyber actors are exploiting vulnerable routers worldwide to intercept and steal sensitive military, government, and critical infrastructure information. The U.S. Department of Justice and the FBI recently disrupted a GRU network of compromised small-office home-office (SOHO) routers used to facilitate malicious DNS hijacking operations.

The FBI and the following partners are releasing this announcement to warn the public and encourage network defenders and device owners to take actions to remediate and reduce the attack surface of similar edge devices: U.S. National Security Agency (NSA) and international partners from Canada, Czech Republic, Denmark, Estonia, Finland, Germany, Italy, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Slovakia, and Ukraine.

Understanding the DNS Hijacking Operations

Since at least 2024, Russian GRU 85th Main Special Service Center (85th GTsSS) cyber actors — also known as APT28, Fancy Bear, and Forest Blizzard — have been collecting credentials and exploiting vulnerable routers worldwide, including compromising TP-Link routers using CVE-2023-50224. The GRU actors changed the devices' dynamic host configuration protocol (DHCP) / domain name system (DNS) settings to introduce actor-controlled DNS resolvers. Connected devices, including laptops and phones, inherit these modified settings. The actor-controlled infrastructure resolves and captures lookups for all domain names.

The GRU provides fraudulent DNS answers for specific domains and services — including Microsoft Outlook Web Access — enabling adversary-in-the-middle (AitM) attacks against encrypted traffic if users navigate through a certificate error warning. These AitM attacks would allow the actors to see the traffic unencrypted. The GRU has harvested passwords, authentication tokens, and sensitive information including emails and web browsing information normally protected by secure socket layer (SSL) and transport layer security (TLS) encryption. The GRU has indiscriminately compromised a wide pool of U.S. and global victims and then filtered down impacted users, especially targeting information related to military, government, and critical infrastructure.

Tips to Protect Yourself

The FBI and partners have released relevant guidance and technical indicators, including NCSC-UK cybersecurity advisory "APT28 exploit routers to enable DNS hijacking operations" on 7 April 2026 and CISA's Edge Device Security webpage.

Users of SOHO routers are encouraged to upgrade end-of-support devices, update to latest firmware versions, change default usernames and passwords, and disable remote management interfaces from the Internet. All users should carefully consider certificate warnings in web browsers and email clients.

Organizations that allow remote work should review relevant policies regarding how employees access sensitive data, such as using VPNs and hardened application configurations. Additionally, organizations may consider incentivizing employees to upgrade outdated personal devices involved in remote access.

Report It

If you suspect you have been targeted or compromised by a Russian GRU cyber intrusion, report the activity to your local FBI field office or file a complaint with the IC3. Be sure to provide details about your router, including device type and DHCP configurations. Visit IC3.gov for additional details.
PJ retweeted
Theti Mapping
Theti Mapping@ThetiMapping·
List of notable Lebanese figures confirmed killed over the past 24 hours:
- Fadel Abbas Najm was an aide, bodyguard, and courier for Hezbollah's Secretary-General, Naim Qassem was killed in the Tallet Khayat neighborhood in Beirut.
- Hajj Issam Najib Shoeb (Abu Najib) was a Hezbollah field commander from Charqiyeh.
- Hajj Yahya Hadraj was a veteran member of Hezbollah and a latmiya reciter at Shia mourning gatherings. He was killed in the Hayy al-Salam area of Dahiyeh.
- Sheikh Sadeq al-Nabulsi, a Shia cleric, professor of political science at Lebanese University, helped run a seminary in Sidon, and contributed for Al-Akhbar. He was the brother of Mohammad Afif, Hezbollah's former spokesman and head of media relations (he was killed in 2024). He was killed in a strike on the al-Zahraa complex in Sidon.
- Muhammad Sbeity served as a Shia sheikh and was well-known for his sermons and online profiles. He was also killed in strikes on the al-Zahraa complex.
- Souzan Al-Khalil was a media personality and on-air presenter and producer for Hezbollah-owned al-Manar TV. She was killed in a strike on Kayfoun, south of Beirut.
Unconfirmed reports:
- Abu Said Al-Khansa was the former Mayor of the Ghobeiry Municipality in Dahiyeh. He currently serves as head of Hezbollah's Christian relations. I couldn't confirm his death, but local sources talk about the death of two of his family members.
PJ retweeted
Adrian Shtuni
Adrian Shtuni@Shtuni·
Update on the April 7, 2026 shooting outside the #Israel's consulate in #Istanbul (Levent), #Turkey:
• 3 gunmen identified as:
  - Yunus Emre Şarban (32) – killed during the shootout
  - Onur Çelik (25) – wounded and detained (one of two brothers, prior drug-related record)
  - Enes Çelik (mid-20s) – wounded and detained (brother of Onur)
• Interior Minister Mustafa Çiftçi and police statements describe the 3 gunmen as connected to a group that "exploits religion" a term often used to refer to #ISIS.
• In 2021, Turkish authorities froze Şarban assets because of his suspected involvement in ISIS-related financial activities
• The 3 gunmen conducted reconnaissance days before the attack near the consulate
• 9 other suspects detained, including Onur Çelik’s wife.
• They are suspected of providing support and logistics
• Operations carried out in Istanbul, Kocaeli, and Konya
turkiyegazetesi.com.tr/gundem/israil-… #ISIS
PJ
PJ@PJ04857920·
“Lucky Strike” and its spies: “Disposable agents” apparently work for #Russia. Several recruiters have now been identified – but one remains a phantom. Chats reveal how #LuckyStrike recruited – for example, for arson attacks. #hybridwarfare #europeanunion
Manuel Bewarder@manuelbewarder

💥 “Lucky Strike” and its spies: “Disposable agents” apparently work for 🇷🇺. Several recruiters have now been identified, but one remains a phantom. Chats reveal how “Lucky Strike” recruited, for example for arson attacks. With @LinaVerschwele ⬇️ sueddeutsche.de/politik/sabota…

PJ
PJ@PJ04857920·
Where is "LuckyStrike"? Investigators have identified key figures behind Russian sabotage operations in Europe. But one central coordinator (#LuckyStrike) remains a phantom. WDR, NDR & SZ were able to reconstruct how he operated.
WDR Investigativ@WDRinvestigativ

Where is "Lucky Strike"? Investigators have identified key figures behind Russian #Sabotage operations in Europe. But one central coordinator remains a phantom. WDR, NDR & SZ were able to reconstruct how he operated. @manuelbewarder @FlorianFlade tagesschau.de/investigativ/n…

PJ retweeted
Forensic OSINT
Forensic OSINT@ForensicOsint·
The person who gets arrested is rarely the whole story. They're usually just the part we can still see. @dutch_osintguy breaks down the seven-phase pipeline from online radicalization to physical action — and where OSINT collection actually matters most. One of the most important reads this year for analysts working on extremism cases. 🔗 dutchosintguy.com/post/from-open…
PJ
PJ@PJ04857920·
So apparently the attack stopped... The #German mirror of #Indymedia had a slight inconvenience in the form of a #spam attack
PJ
PJ@PJ04857920·
So after the attack of a #German left-wing / anarchist outfit on a power plant in #Berlin , someone decided to spam the hell out of #Indymedia platform, starting on the 8th and currently ongoing
PJ
PJ@PJ04857920·
@MuskanSTRAC compiled a report using the @stealthmole_int framework, portraying | profiling a #DarkWeb #ThreatActor! The StealthMole framework for visualization / presentation when working with elusive actors on various platforms is of great help.
PJ
PJ@PJ04857920·
So military Equipment destined for Ukraine is torched in Germany, "Palestine Action" attacks military aircraft in the UK and the leader of the latter is an outspoken pro-Russian Individual! #escalation #proxy #sabotage #5thcolumn
Drew Pavlou 🇦🇺🇺🇸🇺🇦🇹🇼@DrewPavlou

Palestine Action is funded by American communist Fergie Chambers Fergie Chambers has visited Russian occupied territory in Ukraine and vocally supported Russia’s invasion What a coincidence, right?
