Meet The Team
Kostas: Kostas has practical experience and a clear grasp of the ever-changing world of information security. His approach is anchored in clarity, patience, and real-world adaptability. Committed to your success, …
Real Intrusions by Real Attackers, The Truth Behind the Intrusion
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment …
Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or OneNote payloads, but some appearances of VBA macros in Office documents can …
In the past, threat actors have used BazarLoader to deploy Ryuk and Conti ransomware, as reported on many occasions. In this intrusion, however, a BazarLoader infection resulted in deployment of …
Introduction First seen in May 2020, Conti ransomware has quickly become one of the most common ransomware variants, according to Coveware. As per Coveware’s Quarterly Ransomware Report (Q1 2021), Conti …
Intro Sodinokibi (aka REvil) has been one of the most prolific ransomware as a service (RaaS) groups over the last couple years. The ransomware family was purported to be behind …