Tom Padden
@tpad.bsky.social
📤 98
📥 254
📝 4
Threat intelligence analyst. He/him
reposted by
Tom Padden
Julian-Ferdinand Vögele
6 months ago
New research from Insikt Group on a phishing campaign targeting Tajikistan attributed to TAG-110, a Russia-aligned threat actor, which overlaps with UAC-0063 and has been associated with APT28 (BlueDelta):
www.recordedfuture.com/research/rus...
TAG-110 Targets Tajikistan: New Macro Word Documents Phishing Tactics
Russia-aligned TAG-110 shifts to .dotm phishing lures in a 2025 campaign against Tajikistan’s public sector, advancing cyber-espionage in Central Asia.
https://www.recordedfuture.com/research/russia-aligned-tag-110-targets-tajikistan-with-macro-enabled
0
5
2
reposted by
Tom Padden
Alexander Martin
8 months ago
0
1
1
Slabhead
8 months ago
1
1
0
reposted by
Tom Padden
PIVOTcon
9 months ago
📣 Oops!... They did it again!!! 61 talks submitted, and so many too good that, once again, we had to increase the number of accepted talks a bit. 🔥
#PIVOTcon25
Agenda is finally here, and the caliber is insane!!! Check it out ➡️
pivotcon.org/agenda-2025/
#CTI
#ThreatIntel
Talks and presenters in 🧵⬇️ 1/18
1
20
19
Heaven 17 - (We Don't Need This) Fascist Groove Thang
YouTube video by whynotandy
https://youtu.be/uWs1-2foKoo?si=qZntOqxs2XK0CulX
9 months ago
0
1
0
reposted by
Tom Padden
Dakota
9 months ago
The number of companies providing vulnerabilities to China’s MSS has ballooned to 324, up from 151 in 2023! Most new companies are currently Tier 3. China’s ecosystem of vuln suppliers is frothy.
2
18
12
reposted by
Tom Padden
Andy Greenberg
10 months ago
Microsoft finds a team within Sandworm has been carrying out widespread initial access operations on behalf of the GRU group and focused on US, UK, Canada and Australia networks over 2024, exploiting Connectwise ScreenConnect and Fortinet FortiClient EMS.
www.wired.com/story/russia...
A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks
A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.
https://www.wired.com/story/russia-sandworm-badpilot-cyberattacks-western-countries/
2
64
32
reposted by
Tom Padden
tlansec
11 months ago
It's the most wonderful timeee of the year:
cloud.google.com/blog/topics/...
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation | Google Cloud Blog
Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024.
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/
0
6
2
reposted by
Tom Padden
Bryan’s Gunn
12 months ago
High octane stuff
57
1604
333
reposted by
Tom Padden
StrikeReady Labs
about 1 year ago
What kind of actor would be interested in targeting eurozone gas storage, as well as Ukrainian electrical transmission infrastructure?
strikeready.com/blog/ru-apt-...
RU APT targeting Energy Infrastructure (Unknown unknowns, part 3)
Sandworm is considered one of the most advanced Russian APT groups, responsible for attacks on the Energy infrastructure of its neighbors. This blog will show a few techniques we use to track their p...
https://strikeready.com/blog/ru-apt-targeting-energy-infrastructure-unknown-unknowns-part-3/
0
4
4
reposted by
Tom Padden
CYBERWARCON
about 1 year ago
🚨 Don’t miss Tom Padden at #CYBERWARCON as he unpacks edge device targeting via 0-day exploits. Learn how state-sponsored actors, especially from China, use covert 'ORB' networks to hide operations and target critical sectors. 🔗
www.cyberwarcon.com/registration
0
10
1
Bit going on with edge device exploitation at the moment
labs.watchtowr.com/pots-and-pan...
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
Note: Since this is 'breaking' news and more details are being released, we're updating this post as more details become available (and as we think of better memes). Mash that F5 key every so often fo...
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
about 1 year ago
0
2
2
reposted by
Tom Padden
David Oxley at #CYBERWARCON
about 1 year ago
I’ve created a Starter Pack around cyber threat intelligence to make it easier to find that community here on Bluesky. Let me know of folks I missed, as I’m sure there are many!
go.bsky.app/TxQYHap
32
186
74
reposted by
Tom Padden
Volexity
about 1 year ago
@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here:
www.volexity.com/blog/2024/11...
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s ...
https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata
0
37
28
reposted by
Tom Padden
StrikeReady Labs
about 1 year ago
Here's what today's Russian APT phish campaign looked like, targeting Ukraine:
tuyt8erti867i.synergize[.]co -> jkbfgkjdffghh.linkpc[.]net
44935484933a13fb6632e8db92229cf1c5777333fa5a3c0a374b37428add69fb
0
2
3
blog.sekoia.io/a-three-beat...
A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats
Sekoia TDR analysts conduct an assessment of threats regarding the major elections that will occur in 2024.
https://blog.sekoia.io/a-three-beats-waltz-the-ecosystem-behind-chinese-state-sponsored-cyber-threats/
about 1 year ago
0
1
0