Author Archives: Emin Baylarov
Background Active since at least August 2021, a new English-speaking threat actor calling themselves “1977” has developed and advertised a new eCrime market on multiple underground forums called Darth Maul Shop. This blog aims to highlight some of the key aspects of a new emerging eCrime market, analyze its reception by other threat actors, and discuss […]
A Brief Overview of the Spread of an Advanced Commercial Penetration Testing Tool Among Cybercriminals This short blog aims to document the spread of a sophisticated commercial penetration testing tool within cybercriminal communities across multiple Russian- and English-speaking underground forums. What? Available since December 2020, Brute Ratel C4 (aka BRC4) is one of the hottest […]
In February 2022, following the Russian invasion of Ukraine, the operators of Conti ransomware announced their support of the Russian government. They shortly walked back their support, seemingly after rifts among members of the group. Not long after that, hundreds of thousands of messages from internal chat logs were shared publicly by two accounts on […]
Introduction Russian state-sponsored threat groups, including Fancy Bear (APT28), Cozy Bear (APT29), Turla, and Sandworm, are widely recognized for their sophisticated cyber-espionage operations, targeted intrusions, destructive cyber attacks, and disinformation efforts. However, some of their capabilities extend beyond commonly targeted government and critical infrastructure networks and are less well-known. The primary Russian intelligence agencies—GRU, FSB, […]
Introduction Based on feedback from fellow cyber threat intelligence (CTI) researchers, incident responders, and managed detection and response teams about my Ransomware Tool Matrix project, I decided to develop another Tool Matrix, this time focusing specifically on one particular hostile state: Russia. As defenders, we can take advantage of the fact that Russian APT groups […]