We saw Earth Estries, an advanced #APT intrusion set, sharing its access to Earth Naga (Flax Typhoon). We introduce the term "Premier Pass" to describe this behavior, and propose a four-tier classification framework for collaboration types among advanced groups www.trendmicro.com/en_us/resear...

APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?

@volexity.com #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets. www.volexity.com/blog/2025/04...

#dfir

Today, @volexity.com released GoResolver, open-source tooling to assist reverse engineers with obfuscated Golang samples. @r00tbsd.bsky.social & Killian Raimbaud presented details at INCYBER Forum earlier today. Learn how GoResolver works+where to download it: www.volexity.com/blog/2025/04... #dfir

📣 Oops!... They did it again!!! 61 Talks submitted and so many too good that, once again, we had to increase a bit the number of accepted talks.🔥 #PIVOTcon25 Agenda is finally here, and the caliber is insane!!! Check it out➡️ pivotcon.org/agenda-2025/ #CTI #ThreatIntel Talks and presenters in🧵⬇️ 1/18

"Edge Devices Investigation" Paul Rascagneres, Principal Threat Researcher, Volexity (@r00tbsd , @r00tbsd.bsky.social , @[email protected]) 5/18

@volexity.com recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: www.volexity.com/blog/2025/02... #dfir #threatintel #m365security

This talk is a great way to watch/listen to the details behind the work @stevenadair.bsky.social, @5ck.bsky.social, @tlansec.bsky.social + Volexity’s #threatintel & IR teams did to investigate the Nearest Neighbor Attack. The related blog post is here: www.volexity.com/blog/2024/11...

We were happy to have @volexity.com's @stevenadair.bsky.social & @5ck.bsky.social present “The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access” for the #FTSCon Keynote in October. The video of their talk is available here: youtu.be/qSNlDCg-IOM. #dfir

Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android apps described in 2019 by @citizenlab.ca leveraging vulnerabilities in applications embedding old versions of Chromium trendmicro.com/en_us/resear...

#PIVOTcon25 #CfP is open and you can submit your proposals till 7 FEB 2025 Remember - one track,30m - no recording/streaming/tweeting. U should feel comfy to share more - No TLP:WHITE - Original content only Let us guide u through with a little meme-thread #CTI #ThreatIntel 1/10

@Volexity.com has developed a new open-source tool, “HWP Extract”, a lightweight Python library & CLI for interacting with Hangul Word Processor files. It also supports object extraction from password-protected HWP files. Download here: github.com/volexity/hwp...

#PIVOTcon25 registration is now OPEN 🤟📥📥📥 pivotcon.org #CTI #ThreatResearch #ThreatIntel Please read carefully the whole 🧵 for the rules about invite -> registration (1/5)

Let’s try here and see how it goes ;)

Excited that we @volexity.com are able to share a writeup of one of our most interesting incidents! This case involves: * A 0-day exploit * Physical trips to the customer site to determine root cause * Compromise via Wi-Fi. www.volexity.com/blog/2024/11... #nearestneighbor #threatintel

@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world.    Read more here: www.volexity.com/blog/2024/11...