My research
Analysis and Interdiction of Attack Campaigns: AsyncRAT
Threat hunting in public sandboxes has been, admittedly, a hobby of mine for the last two years or so. Recently, I have been looking through [...]
Oct
More Money, More Magecart
Online shopping sites are prime targets for cybercriminals. Large sites can process vast quantities of personal information and payment data, making them a high-value reward [...]
Aug
OSINT Insights: Watching the Skies
Aviation is an interest of mine as some of my family worked on airlines and I enjoy volunteering my time to work with organisations such [...]
Jul
Phishing Attack on Mobile Banking
There is no doubt that mobile banking has taken the world by storm. Another growth industry is digital-only banks, especially in the UK. As of January [...]
May
Cyber Threat Intelligence Project: Android Banking Trojan Nexus
Android banking Trojans are an interesting threat because, if successful, they can be a huge payday for a cybercriminal and a terrible loss for the [...]
Apr
Tracking Adversaries: RedZei, Chinese-speaking Scammers Targeting Chinese Students in the UK
Welcome to the final BushidoToken blog of 2022. Over the last year or so, an associate of mine in the UK has been targeted by [...]
Mar
Tracking a Renewable Energy Data Collection Campaign
For my first research blog of 2022, I analysed a suspected intelligence gathering campaign targeting renewable energy and industrial technology organisations, with a particular focus [...]
Mar
Open Redirect Vulnerability in Oracle BlueKai
Phishing threat actors are continuously seeking new methods to increase the chances of success in their campaigns. Phishing is still one of the main initial [...]
Feb
CTI Initiative: Threats Exploiting Legitimate Services
Legitimate third-party Platform-as-a-Service (PaaS) providers are becoming increasingly leveraged by threat actors for phishing and malware deployment. PaaS providers such as cloud instances, marketing platforms, [...]
Jan
Collecting Information on the Qakbot Banking Trojan
Background: The Qakbot banking Trojan is one of the top-tier malware families on the current threat landscape. It is distributed in mass spam campaigns, steals [...]
Dec
Fraudulent Steam Desktop Authenticator App Distributing DarkCrystal RAT
I recently encountered an intriguing campaign that uses fake websites to distribute malware. While this technique (TTP) is not new, it appears to be increasing [...]
Nov
Dead Drop Resolvers: Espionage-Inspired C&C Communications
A “dead drop” is a well-known espionage tactic of passing items or information between two parties using secret locations. The two parties never meet and [...]
Nov
Analyzing Threats Targeting Point-of-Sale (POS) Systems
Background: A point of sale (POS) system refers to the critical piece of software used by customers to execute a payment for goods or a [...]
Nov
The Attribution Game
In 1937, one of the world’s most authoritative art historians, Abraham Bredius, was approached by a lawyer on behalf of a Dutch family estate to [...]
Oct
An Analysis of the “Meyhod” JavaScript Web Skimmers
A new web skimmer called “Meyhod” has recently been disclosed by RiskIQ. Named after a typo in its code, this malware first surfaced in October, [...]
Sep
Tips and Strategies for Operational Security
As my final blog post of 2020, I’d like to share a brief checklist to help users and researchers stay safe online. Many attackers use [...]
Aug
Tracking Adversaries: GreenMwizi, a Kenyan Scamming Campaign Leveraging Twitter Bots
Prologue: I find uncovering new campaigns and sharing research on novel threats is one of the most enjoyable parts of my job as a CTI researcher. [...]
Jul
Analysis of the NetWire RAT Campaign
Executive summary: Threat actors continue to leverage the NetWire Remote Access Trojan (RAT) in malicious spam email attacks using low-detection scripts, URL shorteners, and the [...]
Jul
ANY.RUN Christmas Capture the Flag (CTF)
Keen-eyed Tweeps may have noticed that AnyRun tweeted out a Christmas CTF in their Xmas post card this year (see above). I enjoy a good [...]
Jun
In-Depth Analysis: The Magecart Collective
The Magecart collective is a network of cybercriminal groups that have rapidly and successfully inserted credit card skimming scripts into compromised e-commerce websites. These malicious [...]
May
Latest wave of Cerberus targets English-speaking users
Following the recent discoveries shared by @MalwareHunterTeam and @LukasStefanko on Twitter, I took a closer look at the ongoing Cerberus Android banking Trojan campaign. It has recently reared its [...]
May