Piero Bosio Social Web Site Personale

New, from our @deepfield ERT: found a new botnet dressing its C2 traffic as camera management.#Drifter names its domains after Hikvision products, blending with surveillance traffic on the same VLAN as the Android TV boxes it infects. DNS queries go through an Australian resolver, which somewhat undermines the cover if your bot is in São Paulo.71 KB binary, already linked to attacks exceeding 2 Tbps from 80k sources. At least six operators are now competing for the same devices.https://github.com/deepfield/public-research/blob/main/drifter/report.md#threatintel #ddos

More seriously though, this is one of the symptoms of the fallout from the residential proxy + ADB vulnerability discovered by @synthient at the end of last year.Several botnets are now competing for access and persistence on this vast pool of proxy exit nodes. This is just one of them (not the biggest).

⚠️ SmarterMail flaws rapidly weaponized on TelegramThreat actors are sharing exploits for newly disclosed #SmarterMail vulnerabilities across #Telegram channels, accelerating mass scanning and compromise attempts before patch adoption, highlighting the shrinking window between disclosure and active exploitation.#ransomNews #ZeroDay #ThreatIntel

Oh well that's fucking clever. A threat actor is sending out phishing emails pretending to be SendGrid, and explaining that all their emails will include "Support ICE" banners in order to trigger ragebait clicks through to the phishing kit.#threatintel https://www.linkedin.com/posts/simokohonen_ragebait-as-a-phishing-tactic-a-threat-activity-7415349853754638336-gcCu?utm_source=social_share_send&utm_medium=member_desktop_web&rcm=ACoAABIZhqYBjXCQuV7JX7N_3xlpxZY6alHZ77o