Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
A retrospective analysis of 2025's top ransomware groups reveals how DNS traces, historical WHOIS records, and network IoCs exposed hidden infrastructure, affiliate activity, and thousands of potential victim connections linked to major cybercriminal operations.
An analysis of 191 network indicators tied to eight Iran-affiliated APT groups uncovered malicious domains, active infrastructure, thousands of victim-linked IP interactions, and coordinated DNS activity, revealing the breadth and persistence of Tehran-linked cyber operations amid escalating regional tensions.
WhoisXML API analysis deepens understanding of the UAT-8099 campaign, uncovering expanded DNS infrastructure, early indicators of malicious intent, and thousands of linked artifacts, underscoring the group's evolving tactics and regional focus across Asia.
Researchers tracing the ForceMemo campaign uncover a sprawling DNS footprint, linking compromised GitHub repositories to suspicious domains, shared infrastructure and fresh artifacts, suggesting a coordinated operation that continues to evolve despite partial attribution.
Keenadu backdoor embedded in Android firmware exploits supply chains and OTA updates, while DNS analysis of its infrastructure reveals coordinated domains, IP links, and early warning signals pointing to premeditated, scalable cybercriminal operations globally distributed.
MuddyWater's Operation Olalampo targets MENA entities using new malware and Telegram-based control, as DNS analysis uncovers fresh infrastructure, thousands of linked domains, and expanded indicators pointing to a broader, coordinated campaign.
LummaStealer's revival, paired with CastleLoader, reveals a more evasive malware ecosystem, leveraging obfuscation, DNS agility and vast infrastructure to reach over 100,000 potential victims while spawning hundreds of linked malicious domains and IPs globally observed.
An analysis of 11 cyber threats from Red Report 2026 reveals how attackers exploit core MITRE ATT&CK techniques, with DNS and IoC data exposing early warning signals, infrastructure scale, and evolving tactics across campaigns globally.
Security researchers trace an updated CoolClient backdoor used by HoneyMyte, uncovering malicious domains, subdomains and IP links, and revealing a wider infrastructure of email and DNS-connected assets tied to data theft operations globally active.
An analysis of DNS and WHOIS data tied to the PeckBirdy C&C framework uncovers expanded infrastructure, linking known IoCs to malicious domains, IPs, and email-connected assets across years of activity.
A World-Renowned Source for Internet Developments. Serving Since 2002.