An in-depth look at Black Basta's TTPs
The Black Basta group constantly sought new malware and methods to infiltrate systems with ransomware. Here's a look at those tactics as drawn from a large leak of the group's chat messages.
VanHelsing Ransomware
Launched in March 2025, the cross-platform VanHelsing ransomware-as-a-service quickly attracted affiliates with its profit-sharing model and intuitive control panel, infecting multiple victims within weeks and showing signs o...
Writing high-quality IDS detection rules
In this Studio 471, Jeremy Kirk sits down with Luca Allodi and Koen Teuwen of Eindhoven University of Technology who co-authored a recent academic study that examines how to write lower-noise rules for intrusion detection sys...
Update: Medusa Ransomware
Medusa ransomware, active since 2021, continues to target critical infrastructure through unpatched applications and brokered access. Affiliates use living-off-the-land techniques and double-extortion tactics, prompting a new...
Six Key Takeaways From the SANS 2025 Threat Hunting Survey
The SANS 2025 Threat Hunting Survey shines a light on why behavioral threat hunting can do what AI and IOC hunts can’t do alone.

Threat hunting case study: RMM software
Attackers hijack or install their own remote monitoring and management software to penetrate deeper into organizations. This activity, however, can be detected using threat hunts based on threat intelligence.

Update: LockBit Ransomware
LockBit 4.0 continues to evolve with enhanced evasion techniques, making it a persistent threat to organizations, and Intel 471 has updated its collection with relevant Hunt Packages to support detection efforts.

Zservers: Bulletproof hosting for online crime
Russia-based bulletproof hosting service Zservers was exposed and hit with sanctions. But there are signs it may not have been permanently disrupted.

Update: Black Basta Ransomware and Threat Group
A significant leak of internal chat logs from within the Black Basta ransomware group has provided the community with a glimpse into their operations, including further information regarding their capabilities, tools and motivati...

Black Basta exposed: A look at a cybercrime data leak
Black Basta suffered a leak of 197,000 internal chat messages, which has exposed critical details about how this damaging ransomware gang operated, including how its top member claims to have eluded law enforcement.