Aug 18, 2025
A South Asian APT has been persistently targeting Sri Lanka, Bangladesh, Pakistan, and Turkey. This post walks through infrastructure and malware pivots to expose novel tooling that compromised the phones of military-adjacent folks.
Nov 28, 2024
Sandworm is considered one of the most advanced Russian APT groups, responsible for attacks on the Energy infrastructure of its neighbors. This blog will show a few techniques we use to track their phishing campaigns.
Oct 28, 2024
Customers often have a broad understanding of threat groups they want to track, but not always the tools to build operational workflows to enrich and action results. This blog walks through three simple pivots we can take off your plate.
September 09, 2024
Artificial intelligence (AI) has been a hot topic across industries, especially in cybersecurity. With promises of revolutionizing threat detection and response, AI is often surrounded by hype and skepticism. In a recent StrikeReady webinar, Alex Langston, Chief Evangelist, and Tom Los, a veteran in security, took a deep dive into the myths versus realities of AI in cybersecurity, specifically for Security Operations Center (SOC) leaders.
August 07, 2024
Active for over 10 years, the Bitter threat actor has maintained an unusually frenetic pace of operations. Although occasionally derided on the sophistication scale, they have been wildly successful at completing their regional missions. In addition to first-party incidents we’ve investigated, this is also clear from use of exploited infrastructure to attack subsequent targets. They’ve been willing to burn accesses that other groups would have kept close held. This blog sheds light on their latest activities, including previously untracked IOCs, and provides analysis of their manually dropped payloads.
July 24, 2024
Russian attackers continue to bypass detection technologies with simplistic yet effective techniques. In this blog we examine a campaign targeting Ukraine leveraging email attachments less than 150 bytes, which seem to bypass certain tools.
June 27, 2024
The volume of Linux malware is orders of magnitude less than for other operating systems, and as such, has fewer eyeballs researching it. Analysts don't want to spend thousands of hours building detection systems for threats that they will never see. However, for an enterprising hunter, this lack of prevalence can work in your favor --- if your enterprise only sees one or two ELF email attachments per year, you can afford to give each a quick eyeball.
June 24, 2024
Russian Government hackers continue to leverage novel techniques for defeating automated analysis systems. In this blog, we examine a simple html trick for waiting for a user to jiggle the mouse before executing the malicious javascript.
May 29, 2024
In this blog, we examine the typical causes of Dangling DNS hijacking, and how we were able to ethically report issues at a major vendor
May 24, 2024
StrikeReady wins in three categories.
April 20, 2024
This is the first article in a series about technical hunting wins that are attainable by all SOC teams.
April 3, 2024
How StrikeReady helps you track APT infrastructure before it's used against your organization.
February 29, 2024
How StrikeReady helped a SOC prioritize alerts triggered by a previously untagged APT actor.
