On 23 February 2020, greek news media reported that Greece Prime Minister’s office, the Ministry of Foreign Affairs, the National Intelligence Service and the Greek Police were the targets of an international cyber espionage campaign in April 2019 named Sea Turtle. This is one of the most significant cyber espionage activities against Greece that is publicly known. Sea Turtle campaign has been initially reported by Cisco Talos Intelligence Group last year.
See the below timeline: Continue reading “On Sea Turtle campaign targeting Greek governmental organisations” →
Happy New Year everyone! 2019 was just another interesting year in CTI. Every year I use to list my top 20 CTI presentations. See below the ones I enjoyed most, I learned something that I used in my day to day work, and gave me insights into cyber threats. I hope you enjoy them and I am looking forward to seeing your favourite ones. Enjoy and let’s have a chat about them (and about yours) during an upcoming CTI event in 2020! Continue reading “Top 20 CTI Presentations for 2019” →
January was an interesting moth for CTI practitioners! I took some time and collected the major articles and presentations that I read and watched during January 2019.
I hope you enjoy it. Continue reading “Threat Intel Reads – January 2019” →
Another year has passed and lots of good CTI/DFIR stuff have been presented! I took some time to watch again some of my favourite talks within 2018 and list my favourite 20 ones. The list provided below has a CTI focus, however some of the most representative talks related to blue team/red team as well as ICS have been selected. I hope you enjoy it! Continue reading “My Top 20 CTI/DFIR Talks for 2018” →
During the past week CrowdStrike published its 2018 Mid-Year Review call “Observation from the front lines of threat hunting“. This report provides insights, trends and details on today’s most sophisticated cyber attacks observed by CrowdStrike Falcon OverWatch team.
Some interesting points of the report include:
Continue reading “CrowdStrike’s 2018 Mid-Year Review” →
It was ~2 weeks ago when Costin Raiu wrote an article on “Where are all the ‘A’s in APT?”. In this article, Costin focused on what is regarded as sophisticated in observed APT attacks as well as how future detected sophisticated attacks will look like:
Continue reading “Costin Raiu on future sophisticated attacks” →
This is an interesting article based on FireEye, Inc. ‘s CEO Kevin Mandia presentation during CTI Forum. Some interesting points:
Continue reading “Kevin Mandia on Nation State Actors” →
During the past years, there has been a lot of public reporting on APT activity of group with Russia and China nexus. However, it has been observed that more and more countries have developed such advanced capabilities and their activity is captured and reported by the vendors and mainstream media.
FireEye’s list of sophisticated actors and naming conventions looks like this:
Continue reading “On reported APT trends” →