Costin Raiu
Romanian antihacker from another planet. #threatintel #yara #chess #taekwondo
Sep 23, 2022 12 tweets 4 min read
Here's my top 10 big "unattributed" #APT mysteries: 1. Project TajMahal: securelist.com/project-tajmah…
Sep 14, 2021 8 tweets 3 min read
How to check iOS devices for signs of CVE-2021-30860 / FORCEDENTRY exploitation (for context, see @citizenlab's 13.09.2021 blog). #nso #pegasus #malware #ios
Make an unencrypted iTunes backup, or use MVT (docs.mvt.re/en/latest/inde…) to decrypt an encrypted one. You can also check older backups, if you have them. (It's a good idea to make regular iTunes backups for all your devices, precisely for this reason.)
Feb 16, 2021 9 tweets 2 min read
1/9 The French National Cybersecurity Agency @ANSSI_FR released a report on Hades / Sandworm infecting Centreon servers with a PHP backdoor, followed by deploying the Exaramel Linux backdoor. Some notes:
2/9 Centreon is an IT monitoring software, created by a French company with the same name. Some customers include Accor Hotels, AirFrance / KLM, Airbus, Euronews, Orange and various French gov agencies. No indication any of these were breached.
Dec 21, 2020 8 tweets 3 min read
Cracking the Sunburst / Solorigate "do not infect" domain hashes, a thread 👉
In their comprehensive analysis of Sunburst / Solorigate, Microsoft highlights an interesting fact: that certain domains are excepted from further infection. microsoft.com/security/blog/…
Jan 10, 2019 10 tweets 4 min read
Today, Singapore gov published a large, thorough, 450+ pages analysis report on the Health Services Private Ltd hack. Here's a summary analysis highlighting the most interesting findings. Full report is available at: mci.gov.sg/coireport
The attackers breached Singapore Health Services through a vulnerability in Outlook. Although a patch was available, the systems were not updated. As a side note, it is quite rare that we see attackers exploiting vulnerabilities in Outlook.