{ "id": "c2306e24-798b-456d-bee6-eec37d38b86a", "created_at": "2026-04-06T00:18:07.456625Z", "updated_at": "2026-04-10T03:37:58.963776Z", "deleted_at": null, "sha1_hash": "3df5114c66641cb17e201b3b8162071e48ccb87a", "title": "Blog: Stay Ahead of Cyber Threats", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 85072, "plain_text": "Blog: Stay Ahead of Cyber Threats\r\nBy Intel 471\r\nPublished: 2026-04-01 · Archived: 2026-04-05 19:48:55 UTC\r\nIntel 471 Logo 2024.png\r\nEmerging Threats//Apr 1, 2026\r\nTeamPCP Supply Chain Attacks\r\nTeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials,\r\nand extend attacks across software supply chains.\r\nTurning Geopolitical Tension into Actionable Intelligence Intel 471.jpeg\r\nMar 31, 2026\r\nTurning Geopolitical Tension into Actionable Intelligence\r\nIntel 471’s updated Geopolitical Intelligence solution is designed to translate volatile global dynamics into timely,\r\nactionable insights.\r\nVulnerability Spotlight Blog 1.png\r\nMar 24, 2026\r\nCVE-2025-68613: Zerobot botnet exploits critical vulnerability impacting n8n AI orchestration\r\nplatform\r\nZerobot, a Mirai-based botnet known for targeting Internet of Things (IoT) devices, has leveraged a critical\r\nvulnerability tracked as CVE-2025-68613 to compromise instances of the n8n workflow automation platform.\r\nCyber Threat Exposre Bundle Blog 2026.png\r\nMar 17, 2026\r\nIntroducing Cyber Threat Exposure Bundle: A Unified Approach to External Risk\r\nTo empower organizations against the growing complexity of their attack surface, Intel 471 is introducing the\r\nCyber Threat Exposure Bundle.\r\nCisco SD-WAN image3.png\r\nMar 13, 2026\r\nhttps://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/\r\nPage 1 of 3\n\nCVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wild\r\nCVE-2026-20127 is an improper authentication vulnerability impacting Cisco Catalyst SD-WAN Controller,\r\nformerly vSmart, and SD-WAN Manager, formerly vManage, components.\r\nIntel 471 Logo 2024.png\r\nEmerging Threats//Mar 13, 2026\r\nHandala Threat Group\r\nAn Iranian aligned threat group conducting destructive and espionage focused cyber operations against\r\norganizations in Israel and Western countries.\r\nOpenClaw blog image 2.png\r\nMar 12, 2026\r\nOpenClaw: A viral AI assistant and a magnet for infostealer malware and ClickFix trickery\r\nSince early 2026, interest in OpenClaw — the open source autonomous AI agent developed by Peter Steinberger\r\n— has surged.\r\nHacktivism density map top level domains.png\r\nMar 9, 2026\r\nIsraeli, US strikes against Iran triggers a surge in hacktivist activity\r\nOn Feb. 28, 2026, the U.S. and Israel launched coordinated strikes against Iran, marking the start of open conflict\r\nafter months of escalating tensions.\r\nAI driven vulnerability research intel 471 blog.jpeg\r\nMar 5, 2026\r\nCVE-2026-1731: Finding a critical RCE in an age of AI-driven vulnerability research\r\nCVE-2026-1731 is an operating system (OS) command injection vulnerability impacting BeyondTrust Remote\r\nSupport (RS) and Privileged Remote Access (PRA) software\r\nTycoon 2FA Blog Intel 471.png\r\nMar 4, 2026\r\nBorn to bypass MFA: Taking down Tycoon 2FA\r\nIntel 471 has worked with law enforcement and private industry in action coordinated by Europol’s European\r\nCybercrime Centre (EC3), culminating in today’s takedown of Tycoon 2FA’s operations and infrastructure.\r\nhttps://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/\r\nPage 2 of 3\n\nSource: https://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/\r\nhttps://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "Malpedia" ], "references": [ "https://blog.intel471.com/2020/05/21/a-brief-history-of-ta505/" ], "report_names": [ "a-brief-history-of-ta505" ], "threat_actors": [ { "id": "4134675e-5b72-4b50-8d70-1a8f18aafbb4", "created_at": "2024-10-04T02:00:04.766263Z", "updated_at": "2026-04-10T02:00:03.715945Z", "deleted_at": null, "main_name": "Handala", "aliases": [], "source_name": "MISPGALAXY:Handala", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "5e6b31a6-80e3-4e7d-8b0a-d94897ce9b59", "created_at": "2024-06-19T02:03:08.128175Z", "updated_at": "2026-04-10T02:00:03.636663Z", "deleted_at": null, "main_name": "GOLD TAHOE", "aliases": [ "Cl0P Group Identity", "FIN11 ", "GRACEFUL SPIDER ", "SectorJ04 ", "Spandex Tempest ", "TA505 " ], "source_name": "Secureworks:GOLD TAHOE", "tools": [ "Clop", "Cobalt Strike", "FlawedAmmy", "Get2", "GraceWire", "Malichus", "SDBbot", "ServHelper", "TrueBot" ], "source_id": "Secureworks", "reports": null }, { "id": "75d4d6a9-b5d1-4087-a7a0-e4a9587c45f4", "created_at": "2022-10-25T15:50:23.5188Z", "updated_at": "2026-04-10T02:00:05.26565Z", "deleted_at": null, "main_name": "TA505", "aliases": [ "TA505", "Hive0065", "Spandex Tempest", "CHIMBORAZO" ], "source_name": "MITRE:TA505", "tools": [ "AdFind", "Azorult", "FlawedAmmyy", "Mimikatz", "Dridex", "TrickBot", "Get2", "FlawedGrace", "Cobalt Strike", "ServHelper", "Amadey", "SDBbot", "PowerSploit" ], "source_id": "MITRE", "reports": null }, { "id": "99cb4e5b-8071-4f9e-aa1d-45bfbb6197e3", "created_at": "2023-01-06T13:46:38.860754Z", "updated_at": "2026-04-10T02:00:03.125179Z", "deleted_at": null, "main_name": "TA505", "aliases": [ "SectorJ04", "SectorJ04 Group", "ATK103", "GRACEFUL SPIDER", "GOLD TAHOE", "Dudear", "G0092", "Hive0065", "CHIMBORAZO", "Spandex Tempest" ], "source_name": "MISPGALAXY:TA505", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "e447d393-c259-46e2-9932-19be2ba67149", "created_at": "2022-10-25T16:07:24.28282Z", "updated_at": "2026-04-10T02:00:04.921616Z", "deleted_at": null, "main_name": "TA505", "aliases": [ "ATK 103", "Chimborazo", "G0092", "Gold Evergreen", "Gold Tahoe", "Graceful Spider", "Hive0065", "Operation Tovar", "Operation Trident Breach", "SectorJ04", "Spandex Tempest", "TA505", "TEMP.Warlock" ], "source_name": "ETDA:TA505", "tools": [ "Amadey", "AmmyyRAT", "AndroMut", "Azer", "Bart", "Bugat v5", "CryptFile2", "CryptoLocker", "CryptoMix", "CryptoShield", "Dridex", "Dudear", "EmailStealer", "FRIENDSPEAK", "Fake Globe", "Fareit", "FlawedAmmyy", "FlawedGrace", "FlowerPippi", "GOZ", "GameOver Zeus", "GazGolder", "Gelup", "Get2", "GetandGo", "GlobeImposter", "Gorhax", "GraceWire", "Gussdoor", "Jaff", "Kasidet", "Kegotip", "Kneber", "LOLBAS", "LOLBins", "Living off the Land", "Locky", "MINEBRIDGE", "MINEBRIDGE RAT", "MirrorBlast", "Neutrino Bot", "Neutrino Exploit Kit", "P2P Zeus", "Peer-to-Peer Zeus", "Philadelphia", "Philadephia Ransom", "Pony Loader", "Rakhni", "ReflectiveGnome", "Remote Manipulator System", "RockLoader", "RuRAT", "SDBbot", "ServHelper", "Shifu", "Siplog", "TeslaGun", "TiniMet", "TinyMet", "Trojan.Zbot", "Wsnpoem", "Zbot", "Zeta", "ZeuS", "Zeus" ], "source_id": "ETDA", "reports": null }, { "id": "63883709-27b5-4b65-9aac-c782780fbb28", "created_at": "2026-04-10T02:00:03.996704Z", "updated_at": "2026-04-10T02:00:03.996704Z", "deleted_at": null, "main_name": "TeamPCP", "aliases": [], "source_name": "MISPGALAXY:TeamPCP", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434687, "ts_updated_at": 1775792278, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3df5114c66641cb17e201b3b8162071e48ccb87a.pdf", "text": "https://archive.orkl.eu/3df5114c66641cb17e201b3b8162071e48ccb87a.txt", "img": "https://archive.orkl.eu/3df5114c66641cb17e201b3b8162071e48ccb87a.jpg" } }