Allison Wikoff

261 posts

@SaltyWikoff

#threatintel Americas Lead @pwc. Hype woman. Beach Rat. Former Adjunct @Columbia. Lover of all the APTs. | All views are my own.

Joined August 2014
820 Following, 651 Followers

Allison Wikoff retweeted
Curtis (@cybershtuff)
🚨 Possible first Iranian wiper activity since the start of the war. Handala (MOIS-linked) claims targeting Stryker Corporation, reportedly pushing a wiper to Intune-managed endpoints. Now, who's got samples for analysis?

Allison Wikoff retweeted
Nariman Gharib (@NarimanGharib)
URGENT SECURITY ALERT: Iranian Revolutionary Guards intelligence has initiated a phishing campaign targeting individuals abroad who are involved in Iran-related activities. The current attack specifically targets WhatsApp users. Do not click on suspicious links.

Allison Wikoff (@SaltyWikoff)
Good summary re: leaks. A couple older links in reference to Ravin Academy eur-lex.europa.eu/legal-content/… pwc.com/gx/en/issues/c…
Hamid Kashfi (@hkashfi)
I wanted to do some commentary on the recent CharmingKitten leak, but the data and content seem to be mostly tampered with. Perhaps their future updates might show more, but as is, there's little to cover and makes me the UI playing along. All files have their metadata cleaned up and retouched, and by the few seconds' time variance across them, it is possible that it's a much larger stash, taking a few seconds to touch everything. On the technical side, there's very little to highlight, other than using mostly opportunistic attempts and public PoC tools and exploits to gain access to targets, besides typical phishing campaigns. The irony in their logs and notes? They target a lot of domestic websites and Iranian orgs and companies :) That tells you how unhinged everything is out there in their org. Similar to the leak from a few years ago related to OilRig internals, we're seeing heavily filtered and handpicked logs and target names and countries. How to get a better picture? Scan the internet for live webshells with matching naming schemes. Detailed time logging and reporting might stand out at first glance, in a positive and interesting way, but it's worth noting that demanding that template mostly comes from deep mistrust between the ranked employers and operators, rather than following some sort of guardrail to monitor for internal policy violations, as would be more common on the western side. Another noteworthy point one can see through the logs is that this is a team spanning multiple locations and buildings, working in parallel. Typically staffed around 15-20, which is similar to the names dropped here. At least some of the operators were participating in Ravin Academy's Red-Team classes, which is self-explanatory. While Ravin can always take the plausible deniability route and claim they don't know who their students are, as someone closely familiar with that scene and ecosystem, I'd call that out.
On the other hand, Ravin and similar entities are doing legitimate work within the context of Iran's laws and in favor of their nation/gov. Training alone cannot be a reason to question them. Attribution to incidents by overlapping TTPs, coding style and OpSec failures? Sure! Let's see what drops next and whether we will observe something significant. I also asked Gemini to crunch the logs and generate some notes: gist.github.com/Hamid-K/f4288d…

Allison Wikoff (@SaltyWikoff)
Always fun to rep the pwc #threatintel team and talk about kittens, particularly in a local setting. #BSidesTampa was a great time and looking forward to next year. Also thrilled to break out my homage to the unofficial (according to me) state bird, the Sandhill Crane 🤣🤣

Allison Wikoff retweeted
Dark Reading (@DarkReading)
Last week Dark Reading took a break from The Moscone Center and headed over to PwC’s offices in San Francisco, CA to meet up with PwC’s director and Americas lead for global threat intelligence, Allison Wikoff. She shares with us what she was most excited about for RSAC 2025! #rsac2025 #darkreading #darkreadingconfidential

Allison Wikoff retweeted
FBI (@FBI)
The FBI and DOJ announced a court-authorized operation that removed PlugX malware from thousands of computers in the U.S. and abroad. PRC-sponsored hackers used PlugX to target businesses, governments, and Chinese dissidents. Find more information here: fbi.gov/news/press-rel…

Allison Wikoff retweeted
FBI (@FBI)
This week on Ahead of the Threat, #FBI's Bryan Vorndran and Equifax's Jamil Farshchi speak with Charles Carmakal, Chief Technology Officer at Mandiant, about disturbing trends in #cybersecurity attacks and techniques to avoid them. Watch the episode here: youtube.com/watch?v=eehL_V…

Allison Wikoff retweeted
The Banshee Queen👑 (@cyberoverdrive)
It finally happened - I am ALSO in the Blue place ✨🌌 Same handle & name as here! (Not an impersonator 😛) Not leaving this cursed app YET, but considering. Also couldn’t bear missing out on a) the awesome #cti / #threatintel community (💖) & b) my awesome handle! Cya there too!

Allison Wikoff retweeted
Tom Hegel (@TomHegel)
🚨 New Research Drop: 🇰🇵 DPRK IT Workers | A Network of Active Front Companies and Their Links to China. 🟣 Newly Disrupted Front Companies by USG. 🟣 Impersonating US based software and tech orgs. 🟣 Links to still-active front orgs, CN association 🇨🇳. sentinelone.com/labs/dprk-it-w…

Allison Wikoff retweeted
FBI Atlanta (@FBIAtlanta)
Statement from FBI Atlanta.