The Intelligence Corner

Our experts’ unique discoveries, observations, and opinions on what’s trending today in Business Risk Intelligence and the Deep & Dark Web.

Search results

U.S. Sanctions Against Russia Raise Questions Over National Security Policy

December 29, 2016

On December 29, 2016, United States President Barack Obama formally enacted measures targeting the Russian Federation in response to a campaign of Russian state-sponsored interference in the 2016 U.S. Presidential Election. The President approved an amendment to Executive Order 13964, updating a previous executive order that gave the Federal government expanded authority to respond to […]


Insider Threats: “The Shadow Brokers” Likely Did Not Hack the NSA

UPDATED 12/20/2016 3:45 PM ET

Key Takeaways

• Based on the data released in the most recent dump by the threat actor known as “The Shadow Brokers,” Flashpoint assesses with medium confidence that the stolen information was likely obtained from a rogue insider. Flashpoint is uncertain of how these documents were exfiltrated, but they appear to […]


Flashpoint and Talos Analyze the Curious Case of the flokibot Connector

Key Takeaways

• In the financial cybercrime landscape, we see a continuous progression of the malware known as “Floki Bot,” which has been marketed by the actor “flokibot” since September 2016.

• Language is not a barrier: though experience suggests that many cybercriminals tend to stay within their language groups, those with a high level […]


The Shadow Brokers’s “Trick or Treat” Leak Exposes International Stage Server Infrastructure

Key Takeaways

The hacker collective known as “The Shadow Brokers” has published another leak related to the “Equation Group” — a group of hackers believed to be operated by the National Security Agency (NSA). The group posted an archive titled “trickortreat,” leaking the pair (redirector) keys allegedly connecting stage servers of numerous covert operations conducted […]


Pro-ISIS Jihadists Dabble in Encryption, Prove Under-Sophisticated

Jihadi actors have been experimenting with encrypted communication technologies since as early as 2008. Through the development of proprietary encrypted communication tools and the growing adoption of various cyber technologies, these actors have demonstrated an increased interest in obfuscating their digital fingerprints. This interest is underscored through discussions on top jihadi web forums, where members […]


Anatomy of Locky and Zepto Ransomware

The criminals behind the notorious Locky and Zepto ransomware spam campaigns continue to shift tactics in an effort to circumvent anti-virus detection. Recently, the cybercriminal syndicate has been leveraging obfuscated Windows Script Files (.wsf) and HTML Applications (.hta) inside a zip archive. Such files allow JScript, VBScript, and other scripting languages to execute. By using […]
