Cyber Threat Intelligence — Analysis, Research & Detection
This week's highlights: BRICKSTORM defender guide from Google Threat Intelligence, Storm-1175 Medusa ransomware operations from Microsoft, UNC6783 social engineering via lookalike domains, Fortinet and Cisco CVE exploitation in the wild from Defused Cyber, and the BlueHammer zero-day disclosure reported by Bleeping Computer.
Read more →Storm-1175 is a financially motivated actor operating high-velocity Medusa ransomware campaigns, weaponising N-day vulnerabilities within days of disclosure. The group has targeted healthcare, education, finance, and professional services across Australia, the UK, and the US, moving from initial exploitation to full ransomware deployment in under 24 hours. This post covers 8 KQL detections across the full attack chain.
Read more →BRICKSTORM is a Go-based backdoor attributed to UNC5221 / Warp Panda targeting VMware vSphere infrastructure. Operating beneath the guest OS layer, it exploits the EDR visibility gap on virtualisation control planes. This post covers 8 KQL detections spanning initial access through to C2 and tamper detection.
Read more →This is a small cyber threat intelligence blog where I write about anything I find interesting, or that could be helpful.
Read more →