Insights

Insights from the front line of cyber defence

Research, detection engineering notes and incident response lessons.

Silent Ransom (Silk Typhoon) – Threat Actor Profile

Silent Ransom, also referred to as Silk Typhoon by Microsoft, is a Chinese state-aligned threat actor operating at the intersection of cyber espionage and data extortion. The group is known for conducting stealthy intrusions into government, telecom, and critical infrastructure organisations, typically without deploying ransomware in the traditional sense. Instead, it focuses on access operations, credential theft, and selective data exfiltration, occasionally coupled with financial or reputational extortion.


TA406 / Phosphorus

TA406, also tracked as Phosphorus, Charming Kitten, or APT35 in overlapping campaigns, is an Iranian-linked cyber espionage group that has been active since at least 2015. While TA406 shares infrastructure and methodology with other Iranian threat actors, it is uniquely focused on long-term intelligence gathering through persistent spear-phishing campaigns, credential theft, and surveillance of individuals in strategic policy, defence, human rights, and academia.


Trigona

Trigona is a double extortion ransomware group that emerged publicly in late 2022 and quickly gained attention for its aggressive enterprise targeting, database-specific encryption techniques, and rapid tooling evolution. Trigona combines file encryption with data exfiltration, threatening public release of stolen information via its dark web leak site.


UserSec Collective

UserSec Collective is a pro-Russian hacktivist entity active since mid-2022. The group promotes itself as a decentralised digital army operating in support of Russian national interests and frequently targets government, financial, and public sector websites across NATO-aligned nations. Like other politically aligned hacktivist groups, UserSec primarily uses denial-of-service attacks and defacement tactics, alongside an active propaganda presence on Telegram and fringe social media platforms.


XakNet Team

XakNet Team is a pro-Russian hacktivist group that emerged in the first half of 2022 in the wake of Russia’s full-scale invasion of Ukraine. The group claims to support Russia’s military objectives and engages in a mix of cyber attacks, data leaks, and coordinated disinformation campaigns. XakNet operates primarily through Telegram, where it publishes victim lists, leaked documents, and ideological statements.


Mastering Threat Hunting: Scaling Threat Hunting with Automation and Orchestration

Throughout this series, we’ve explored the strategic frameworks, essential tools, and real-world scenarios that define effective threat hunting. Scaling Threat Hunting with Automation and Orchestration delves into the critical strategies of automation and orchestration, revealing how organisations can effectively scale their threat-hunting capabilities without compromising accuracy or effectiveness.


Mastering Threat Hunting: Real-World Threat Hunting Scenarios

Having covered structured frameworks, methodologies, and essential tools, it’s time to explore real-world scenarios that illustrate the power and effectiveness of proactive threat hunting. Through these detailed case studies, we aim to highlight practical applications of the techniques and tools we’ve previously discussed, showing clearly how structured methodologies deliver measurable value in detecting and mitigating threats.


Mastering Threat Hunting: Essential Tools & Techniques for Effective Threat Hunting

Parts 1 and 2 explored the strategic frameworks and methodologies necessary for effective threat hunting. Now, we delve into the essential tools and sophisticated techniques that form the practical backbone of any successful threat-hunting operation. Selecting and mastering the right tools enhances your threat detection capabilities and significantly increases your security team’s efficiency and accuracy.


Rayhunter: Detecting Cell-Site Simulators Across Europe

Rayhunter is an innovative open-source tool designed by the Electronic Frontier Foundation (EFF) to uncover and combat the use of cell-site simulators (CSS), commonly known as IMSI catchers or Stingrays. These covert surveillance devices are frequently used by law enforcement and other entities to track mobile phones without user knowledge. Rayhunter offers an accessible and affordable way to detect suspicious cellular activity, making it an essential resource for journalists, activists, and privacy-conscious citizens in Europe and beyond.


Mastering Threat Hunting: Understanding the Strategic Value of Threat Hunting

Cybersecurity threats are evolving, becoming increasingly sophisticated and adept at bypassing conventional automated defences. While traditional security mechanisms like SIEM alerts, endpoint detection tools, and firewalls remain integral to cybersecurity, relying solely on these reactive measures is insufficient against advanced adversaries. Threat hunting, a proactive approach, emerges as a necessary component to identify threats that have already evaded traditional security solutions, providing a critical defence layer for organisations.
