Discover and read the best of Twitter Threads about #RoyalRoad

Most recents (2)

Profile picture
Recorded Future
@RecordedFuture
Recorded Future analysts monitor targeting of ethnic and religious minorities by Chinese state-sponsored groups. In the first half of 2022, #TA413 exploited zero-days #Follina and CVE-2022-1040 with new custom backdoor #LOWZERO in Tibetan targeting. 1/9 bit.ly/3LwzoDf
#MalDoc lures, in Tibetan language, pose as applications for compensation, contest... This one sent from tibet[.]bet was weaponized with #RoyalRoad SHA 028e07fa88736f405d24f0d465bc789c3bcbbc9278effb3b1b73653847e86cf8, drops #LOWZERO and contacts hardcoded C2 45.77.19[.]75. 2/9 Image
Sent from the same domain, this lure has #phishing email links to tibet-gov.web[.]app posing as the Tibetan government-in-exile. Sent in 2 waves, the 1st email links to .docx attachment hosted on Google Firebase which attempts #Follina via the ms-msdt MSProtocol URI scheme. 3/9 Image
Read 9 tweets
Profile picture
The Banshee Queen ๐Ÿ‘‘
@cyberoverdrive
ICYMI, @PwC_UKโ€™s 2020 #threatintel Year in Retrospect report is out now! All team contributed but h/t to @KystleM_Reid! :fire: You can check it out here: pwc.to/2ZPx7fo In this thread, I will summarise some of what I thought were key findings: ๐Ÿงต๐Ÿ‘‡ 1/n
#Ransomware has become the most significant cyber security threat faced by organisations, irrespective of industry/location. TTPs have pivoted to mass data exfiltration prior to encryption, along with leaks & extortion. S/o to @andyp346 for all your work countering this.๐Ÿ™ 2/n
In 2020, 86% of the incidents that PwCโ€™s Incident Response team responded to were attributable to cyber criminals. 79% of leaks happened in 2nd half of 2020. Our data sees Manufacturing, TMT, & Professional Services most impacted. 3/n
Read 19 tweets

Related hashtags

#phishing #Trickbot #MalDoc #CobaltStrike #AppleJeus #APT #BEC #ShadowPad #Nefilim #espionage #Bazar #LOWZERO #PowerShell #Emotet #Supplychain #threatintel #Follina #RoyalRoad #DeathStalker #TA413 #CostaRicto #Qakbot #PlugX #Ransomware

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!