lostpacket

40 posts

lostpacket

@_lostpacket_

Threat Researcher at @_CPResearch_

Sumali Nisan 2019

415 Sinusundan153 Mga Tagasunod

lostpacket nag-retweet

Check Point Research@_CPResearch_·4 Mar

🚨ALERT🚨 Gulf countries, Cyprus & Israel - A massive wave of IP camera scanning and exploitation from Iran-linked infrastructure. ✅ Patch to the latest version 🔐 Enforce strong, unique passwords and restrict external access Read More : research.checkpoint.com/2026/interplay…

English

11K

lostpacket nag-retweet

Is Now on VT!@Now_on_VT·27 Oca

ZXX

14.3K

lostpacket nag-retweet

Check Point Research@_CPResearch_·16 Ara

China-linked #InkDragon expands into Europe, building a distributed relay network by weaponizing compromised servers with a custom #ShadowPad IIS listener alongside new TTPs and an evolved FinalDraft.research.checkpoint.com/2025/ink-drago…

English

115

28.8K

lostpacket@_lostpacket_·13 Kas

@_JohnHammond We reported this issue to Microsoft back in June, also talked about it at @labscon_io and @virusbtn — and, well, you already know how that turned out :)

English

575

John Hammond@_JohnHammond·13 Kas

Previously there was a report of threat actors using .URL files pointed at a WebDAV server, which made for, air quotes, "remote code execution", and was tracked as CVE-2025-33053. Turns out, you can do the same thing with a regular Windows Shortcut. Video: youtu.be/1Ymnvd1uyzQ

YouTube

English

257

41.4K

lostpacket nag-retweet

Check Point Research@_CPResearch_·31 Tem

Unmasking the China-nexus #Storm2603 toolset that pre-dated the ToolShell wave. 📅Active since at least Apr 2025. 🔑Multiple ransomware deployed together: LockBit + Warlock. 💥Custom backdoors: ak47dns & ak47http. Read more --> research.checkpoint.com/2025/before-to…

English

8.1K

lostpacket nag-retweet

Check Point Research@_CPResearch_·25 Haz

🇮🇷🇮🇱 In their latest phishing campaigns, Iranian APT Educated Manticore poses as cybersecurity researchers and executives to target top tech academics in Israel: 🔗 Fake Google Meet meetings 🌐 Phishing kits as Single Page App with React 👉 Details: research.checkpoint.com/2025/iranian-e…

English

7.5K

lostpacket nag-retweet

Check Point Research@_CPResearch_·10 Haz

Zero-Day used by Stealth Falcon APT group in a spear-phishing campaign: 💥 .URL file exploitation (assigned CVE-2025-33053) 🧰 Custom Mythic implants, LOLBins, and custom payloads 🌍 High-profile targets across the Middle East and Africa research.checkpoint.com/2025/stealth-f…

English

106

262

43.5K

lostpacket nag-retweet

Check Point Research@_CPResearch_·14 Kas

Following the advisory, CPR shares an in-depth analysis of the malware attributed to Emennet Pasargad: 🐁 WezRat: a custom infostealer 🧀 Uses DLL modules for screenshots, keylogging, file theft, etc. 🐈 Over a year of activity and evolution Read more: 👉 research.checkpoint.com/2024/wezrat-ma…

FBI@FBI

The #FBI, @USTreasury, and @Israel_Cyber have released a joint #CybersecurityAdvisory on the Iranian cyber group Aria Sepehr Ayandehsazan aka Emennet Pasargad. Click for new tradecraft details, indicators, and mitigations: ic3.gov/CSA/2024/24103…

English

13K

lostpacket nag-retweet

Check Point Research@_CPResearch_·10 Eki

🇪🇺Amid the upcoming EU membership referendum, Moldova is being hit with #disinformation emails aimed at discrediting the pro-EU course and its supporters. 🕵️Read more about hybrid disinformation-malware operations across Europe by the #LyingPigeon group: research.checkpoint.com/2024/disinform…

English

7.5K

lostpacket nag-retweet

Bernardo Quintero@bquintero·21 Ağu

20 years of VirusTotal: 2004-2024

English

531

30.6K

lostpacket@_lostpacket_·4 Oca

@thepacketrat Duolingo always prepares you for the best case scenario. In others, Maria pours kefir into this salad and calls it a soup.

English

lostpacket@_lostpacket_·2 Kas

While most associate this report with the Israel-Hamas conflict, the actor managed to infiltrate numerous high-profile targets throughout the Middle East in recent years. Given their track record of sharing access with disruptive malware operators, this is a region-wide concern.

Check Point Research@_CPResearch_

[4\5] ScarredManticore has been consistently targeting high-profile organizations in Saudi Arabia, UAE, Kuwait, Oman, Jordan, and Israel. The most commonly targeted sectors are Government and Telecommunications.

English

717

lostpacket nag-retweet

Check Point Research@_CPResearch_·31 Eki

[1/5] CPR in collaboration with @sygnia_labs has been tracking #ScarredManticore, one of the most sophisticated Iranian threat actors uncovered to date. Attributed to the MOIS, it is linked to some of the most impactful Iranian intrusions in recent years. research.checkpoint.com/2023/from-alba…

English

24.6K

lostpacket@_lostpacket_·20 Tem

@thehellu or simply from VT

English

Daniel Lunghi@thehellu·18 Tem

The blogpost is live again with an update to reflect the possibility that the MSI installer could have been modified and then redistributed. However, as it was not publicly available, that would imply that the threat actor retrieved it from a PK gov entity before weaponizing it

English

933

Daniel Lunghi@thehellu·14 Tem

We found a probable supply chain attack on eOffice application developed by Pakistan government. It delivers #Shadowpad with an updated obfuscation and encryption scheme. The threat actor carefully chose the C&C to blend in legitimate network traffic trendmicro.com/en_us/research… #APT

English

100

46.6K

lostpacket nag-retweet

Greg Brooks@GregBrooksOH·24 Haz

This coup could have been an email

English

954

419.5K

lostpacket nag-retweet

Check Point Research@_CPResearch_·16 Şub

Amid the crisis in Azerbaijan’s breakaway region of Nagorno-Karabakh, our new report reveals Azerbaijani political surveillance using #OxtaRAT malware: 🕵️AutoIT/JPEG polyglot file 🎯Targets activists in Azerbaijan🇦🇿 and entities in Armenia🇦🇲 Read more >> research.checkpoint.com/2023/operation…

English

101

15.4K

lostpacket@_lostpacket_·9 Ara

Since the end of March, all the files submitted to VirusTotal from Donetsk and Luhansk regions are shown in their telemetry as ZZ country. @virustotal Any chance you can assist with geography to your geolocation services provider?

Check Point Research@_CPResearch_

#CloudAtlas continues its operations and during the last year narrows its targeting : 🎯Focus on Russia, Belarus and conflicted areas in Ukraine and Moldova 👾New DLL to proxy connections through the victims’ machines. 👉research.checkpoint.com/2022/cloud-atl…

English

lostpacket nag-retweet

Check Point Research@_CPResearch_·22 Eyl

We Reveal 7 Years of #ScarletMimic Mobile Surveillance Campaign Targeting Uyghurs: 📱 More than 20 different Android samples 📄 Uyghur-related lures 👁️ Full surveillance capabilities 🤙 Conduct calls and SMS from victim's device Read More: research.checkpoint.com/2022/never-tru…

English

lostpacket@_lostpacket_·24 Haz

@vinopaljiri @_CPResearch_ @CheckPointSW Happy Birthday and welcome to the team! We are so excited to have you on board! 🙏

English

Jiří Vinopal@vinopaljiri·24 Haz

As today is my birthday and I already got the best gift from my new employer its time for a little announcement.I finished my career in military CERT and in next week I am joining #CheckPoint as Threat Researcher @_CPResearch_ @CheckPointSW. Living dream-looking forward to it😊🤗

English

294

lostpacket@_lostpacket_·20 Haz

Thank you everyone who made #HagueTIX2022 happen. It was insightful, it was fun, and it had trains!

English

Tuklasin

@_JohnHammond @labscon_io @virusbtn @thepacketrat @sygnia_labs @thehellu @virustotal @elonmusk