's Avatar

@adorais

Manager, APT Research Team @ Proofpoint

79
Followers 125
Following 10
Posts 12.12.2024
Joined
Posts Following

Latest posts by @adorais

Multiple reports have documented specific TA397 campaigns, this one takes a holistic look at the group's activity and puts forward attribution elements pointing towards Indian state interests alignment.

Stellar work by @nickattfield.bsky.social and @threatray.bsky.social's researchers

06.06.2025 13:58 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

We assess the motivation was to better understand the appetite to continue fighting against the RU invasion and assess the medium-term outlook of the conflict.

Great work by @greg-l.bsky.social @saffronsec.bsky.social and @mkyo.bsky.social !

13.05.2025 14:08 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
TA406 Pivots to the Front | Proofpoint US What happenedΒ  In February 2025, TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these

New Proofpoint blog alert

We observed DPRK actor TA406 (overlaps w/ Opal Sleet/Konni) targeting government entities in Ukraine in early 2025:

www.proofpoint.com/us/blog/thre...

13.05.2025 14:08 πŸ‘ 7 πŸ” 2 πŸ’¬ 1 πŸ“Œ 0

Personal bias aside, that is still a must-read. Impressive work by @saffronsec.bsky.social grouping together multiple campaigns to provide a comprehensive view of APT state-sponsored actors using ClickFix. Here's to your first blog with us! πŸ₯‚

17.04.2025 19:07 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Great team collab by @saffronsec.bsky.social
@mkyo.bsky.social @greg-l.bsky.social and Josh Miller 🀝

17.04.2025 19:00 πŸ‘ 4 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Today, we release a new blog that highlights how state-sponsored groups from North Korea, Iran, and Russia were all seen using the ClickFix technique in their routine activity. We also release key IOCs for all campaigns. Happy hunting!

17.04.2025 19:00 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
Around the World in 90 Days: State-Sponsored Actors Try ClickFix | Proofpoint US Key Findings While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social

🎯New Proofpoint research: Around the World in 90 Days: State-Sponsored Actors Try ClickFix 🎯
www.proofpoint.com/us/blog/thre...

In 2024 we released two blogs on cybercrime actors using ClickFix in their attack chains:
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...

17.04.2025 19:00 πŸ‘ 2 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

Network iocs:
academymusica[.]com
samsnewlooker[.]com
jacknwoods[.]com
38.180.142[.]228
96.9.215[.]155

17.12.2024 15:24 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

Hot off the press - new report on TA397 (aka Bitter) by Proofpoint's Threat Research team
- Targeted the Turkish defense sector in Fall 2024
- Uses Alternate Data Streams in RAR archives

www.proofpoint.com/us/blog/thre...

17.12.2024 15:24 πŸ‘ 3 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Developing story - attack against #BGP peers of a European telco. The malicious emails impersonated that same telco and included the ASN of each recipient in the subject line.
The emails contained a password-protected RAR attachment with the malicious payload.

12.12.2024 21:21 πŸ‘ 5 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0
Post image Post image Post image

since I'm cold and missing #OBTS I wanted to reflect on what
@jacoblatonis.me and Tomas have gifted us with the YARA-X Macho module

the OG YARA macho parsing left a lot to be desired, and the new YARA-X ver has all sorts of goodies

12.12.2024 20:26 πŸ‘ 19 πŸ” 8 πŸ’¬ 2 πŸ“Œ 0