Latest Blogs

August 07, 2024

Introducing the Bitter APT Group

Active for over 10 years, the Bitter threat actor has maintained an unusually frenetic pace of operations. Although occasionally derided on the sophistication scale, they have been wildly successful at completing their regional missions. In addition to the first-party incidents we’ve investigated, this is also clear from their use of exploited infrastructure to attack subsequent targets. They’ve been willing to burn accesses that other groups would have kept closely held. This blog sheds light on their latest activities, including previously untracked IOCs, and provides analysis of their manually dropped payloads.

July 24, 2024

Russia-nexus actor targets Ukraine

Russian attackers continue to bypass detection technologies with simplistic yet effective techniques. In this blog we examine a campaign targeting Ukraine that leverages email attachments of less than 150 bytes, which seem to bypass certain tools.

June 27, 2024

This ELF is not your buddy

The volume of Linux malware is orders of magnitude lower than for other operating systems and, as such, it has fewer eyeballs researching it. Analysts don't want to spend thousands of hours building detection systems for threats that they will never see. However, for an enterprising hunter, this lack of prevalence can work in your favor: if your enterprise only sees one or two ELF email attachments per year, you can afford to give each a quick eyeball.

June 24, 2024

Armageddon is more than a Grammy-nominated album

Russian government hackers continue to leverage novel techniques for defeating automated analysis systems. In this blog, we examine a simple HTML trick that waits for a user to jiggle the mouse before executing the malicious JavaScript.

May 29, 2024

Protecting against Dangling DNS hijacking is more than good hygiene

In this blog, we examine the typical causes of Dangling DNS hijacking and how we were able to ethically report issues at a major vendor.

May 24, 2024

StrikeReady Wins Prestigious Global InfoSec Award from Cyber Defense Magazine

StrikeReady wins in three categories.

May 21, 2024

RSA Conference 2024 Wrap-Up

Embracing AI, Secure by Design, and Security by Persona.

April 20, 2024

Finding the unknown unknowns, part 1

This is the first article in a series about technical hunting wins that are attainable by all SOC teams.

April 3, 2024

Rattling the cage of a Sidewinder

How StrikeReady helps you track APT infrastructure before it's used against your organization.

February 29, 2024

Don't get BITTER about being targeted -- fight back with the help of the community.

How StrikeReady helped a SOC prioritize alerts triggered by a previously untagged APT actor.

January 17, 2024

Stealing your email with a .txt file

A blog that describes tracking a targeted threat actor using StrikeReady, passive DNS, SSL certificates, and malware analysis.

December 27, 2023

Pivoting through a Sea of indicators to spot Turtles

A blog that describes tracking a targeted threat actor using StrikeReady, passive DNS, SSL certificates, and malware analysis.