The most devious criminals are always one (or several) steps ahead of their victims. To stop them in their tracks, the good eggs among us need to figure out how they think — which is no easy feat.That’s why shows like “Mindhunter” and “Criminal Minds” are so popular. Understanding aberrant ... Read More

Weekly Threat Intelligence Report Date: June 10, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS This article continues the research found last week regarding an ongoing campaign using the Remcos remote access trojan. The attack appears to originate in Nigeria, and uses Lithuanian infrastructure. This week we’re ... Read More

Weekly Threat Intelligence Report Date: June 3, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS HYAS Threat Intelligence is currently tracking an active Remcos remote access trojan campaign that began on May 14, 2024, and is operated out of Maiduguri, Nigeria. Recent malware detonations have indicated Remcos ... Read More

Weekly Threat Intelligence Report Date: May 20, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Cyber Threat Intelligence Analysis This week in the HYAS Insight threat intelligence platform, we found a concerning open directory hosting multiple pieces of malware. This discovery, coupled with historical passive DNS data ... Read More

Weekly Threat Intelligence Report Date: May 6, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS This week, we continue to see significant activity originating from Autonomous System Numbers (ASNs) AS8968, AS44477, AS9318, AS216309, and AS216319. The observed activities from the mentioned ASNs signify diverse cybersecurity threats, including ... Read More

Weekly Threat Intelligence Report Date: April 29, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS The HYAS Threat Intelligence team has been researching the potential relationship between two campaigns. Recently, thehackernews posted a description of zscaler’s research into a backdoored IP Scanner tool that uses DNS MX ... Read More

Weekly Threat Intelligence Report Date: April 22, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS I read this article the other day from Hacker News about a DNS-based malware campaign that used fake IP scanners in the industry-news channel. I spent some time looking into it in ... Read More

Weekly Threat Intelligence Report Date: April 15, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Each week, we are sharing what we are seeing in our HYAS Insight threat intelligence and investigation platform, specifically autonomous system numbers (ASNs) and malware origins, as well as the most prominent malware ... Read More

Weekly Threat Intelligence Report Date: April 8, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Each week, we are sharing what we are seeing in our HYAS Insight threat intelligence and investigation platform, specifically autonomous system numbers (ASNs) and malware origins, as well as the most prominent malware ... Read More

Weekly Threat Intelligence Report Date: April 1, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Each week, we are sharing what we are seeing in our HYAS Insight threat intelligence and investigation platform, specifically a summary of the top autonomous system numbers (ASNs) and malware origins, as ... Read More