Topic: Cyber investigations and threat intelligence

Machete adopts LokiRat as part of their toolset
By Edson Sierra
Hannah Meyerfeld
December 23, 2020
Accenture Cyber Threat Intelligence observed Machete, a Spanish-speaking cyber-espionage threat group, integrate LokiRat code into their toolset. Learn more.
How new sophisticated attacks threaten our favorite places
By Joshua Ray
December 17, 2020
Cybercriminals are finding ways to attack the platforms that we use and love. Learn more.
Tracking and combatting an evolving danger: Ransomware extortion
By Paul Mansfield
December 15, 2020
More companies are being targeted with various new extortion techniques and ransomware gangs are accumulating large profits. Learn more.
Four things CISOs should be doing right now
By Piyush Jain
December 7, 2020
Accenture's blog explains four tips for CISOs who want to ensure security is implemented throughout their organization and is effective. Read more.
Energy companies in the UK and Ireland should prepare now to repel a growing number of ransomware attacks
By Kristian Alsing
December 3, 2020
There is a growing number of examples of ransomware attacks in the energy sectors. Learn how to prepare, protect and respond.
Win the hearts of incident responders with Windows logging
By Mark McCurdy
November 30, 2020
Accenture's blog describes how to leverage Windows logging for incident response. Read more.
Why you need to stay safe working from home
By Joshua Ray
November 16, 2020
Accenture's blog takes close look at the first trend from the 2020 Cyber Threatscape Report—how COVID-19 accelerates the need for adaptive security. Read more.
Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
By Accenture Cyber Threat Intelligence
October 28, 2020
Turla, identified internally by Accenture Cyber Threat Intelligence as Belugasturgeon, targets government organizations using custom malware. Read more.
Shady deals: The destructive relationship between network access sellers and ransomware groups
By Paul Mansfield
Thomas Willkan
October 12, 2020
Ransomware groups are taking advantage of opportunities to purchase network access on dark web forums to compromise networks and unleash malware. Learn more.
State-aligned adversaries and COVID-19: How has COVID-19 impacted your strategic cyber threat model?
By Ed Williams
October 7, 2020
Accenture's blog discusses the importance of reviewing a strategic threat model now as organisations work to understand the pandemic’s impact. Read more.
Active defense: Sweep the leg!
By Ryan Leininger
Medicus A. Riddick III
October 1, 2020
Accenture's blog shares how your organization can better prepare for a proactive defense posture. Read more.
All aboard! How hackers are moving in on the transit sector
By Howard Marshall
June 22, 2020
Accenture's blog reveals public transportation systems can face a range of threats from financially and politically motivated cyberthreat actors. Read more.
Threat actors update phishing techniques to take advantage of cloud transitions
By Heather Larrieu
May 27, 2020
Accenture Security CIFR team has seen threat actors update their phishing techniques to take advantage of the rapid adoption of cloud-based SaaS. Read more.
Look out, C2 communications: PXJ may be coming for you
By Nancy Strutt
May 18, 2020
Accenture iDefense analysts have uncovered details about command-and-control communications in a dangerous new PXJ ransomware variant. Read more.
Extortion entrepreneurs: How cybercriminals are bullying businesses
By Paul Mansfield
May 8, 2020
In this blog post, Accenture's Paul Mansfield describes various threat actor tactics used to extort organisations. Read more.
Citrix virtual hard disk analysis: Don't miss coins in your swap
By Mark McCurdy
Larry McDonald
Heather Larrieu
April 24, 2020
The Accenture Security Cyber Investigation and Forensics Response (CIFR) team investigated a potential exploit of a Citrix NetScaler appliance. Read more.
New Click2Gov Threat: Sophisticated, Sneaky and Dangerous
By Alireza Salimi
Jeffrey Beley
April 14, 2020
Accenture's CIFR team investigates new Click2Gov breaches attempted by the hackers responsible for the 2017 and 2018 threats as well. Read more.
Looking back to see the future: CIFR DeLorean - 2020 Edition
By Ryan Leininger
February 26, 2020
iDefense analyzes 2019 Cyber Investigation and Forensics Response (CIFR) data and predicts trends for 2020. Learn more.
E-commerce under attack
By Paul Mansfield
December 2, 2019
This blog explains some of the ways e-commerce businesses are targeted and actions both customers and businesses can take to mitigate these threats. Read more.
Threat hunting: Disrupting advanced adversaries
By Ryan Leininger
Jeffrey Beley
September 18, 2019
This blog post takes a deep dive into Accenture’s threat hunting approach, exploring the phases of the cycle and sharing a recent case study.
New version of MegaCortex targets business disruption
By Leo Fernandes
August 5, 2019
iDefense engineers identified and analyzed an updated version of the dangerous ransomware MegaCortex. Learn more.
What’s the cyber future for financial services?
By Valerie Abend
April 26, 2019
Our report, “Future cyber threats: Extreme but plausible threat scenarios in Financial Services,” describes cyber attack scenarios for financial services.
Care and feeding of your active threats
By Accenture Incident Response
March 11, 2019
If you want your organization to experience well-established active cyber threats, keep these lessons in mind. Read more.
Mudcarp's focus on submarine technologies
By Accenture Cyber Threat Intelligence
March 5, 2019
iDefense analysts have likely identified the contractor targeted by the threat group MUDCARP, in addition to supply chain assets, universities and labs.
SNAKEMACKEREL delivers SedUploader malware
By Accenture Cyber Threat Intelligence
February 13, 2019
This blog post intends to provide early indication and warning notice about an opportunity for SNAKEMACKEREL actors to conduct attacks. Learn more.
Threat hunting: Improving resilience with an intelligence-driven, hypothesis-based approach
By Justin Harvey
Ryan Leininger
February 5, 2019
Accenture's approach to threat hunting combines actionable intelligence with testable hypotheses to drive outcome-based operations. Learn more.
Pond Loach delivers BadCake malware
By Accenture Cyber Threat Intelligence
January 17, 2019
During 2018, iDefense observed several events likely attributed to the POND LOACH threat group, an adversary that has likely been active since 2013. Learn more.
SNAKEMACKEREL delivers Zekapab malware
By Accenture Cyber Threat Intelligence
November 29, 2018
iDefense analysts identified a campaign by SNAKEMACKEREL using a BREXIT-themed lure document to deliver the Zekapab first-stage malware. Learn more.
iDefense Anomali Detect ’18 recap
By Accenture Cyber Threat Intelligence
October 16, 2018
Members of Accenture's Cyber Threat Intelligence team presented original research on a group called MUDCARP at the 3rd annual Anomali Detect conference.
Goldfin security alert
By Joshua Ray
August 2, 2018
A series of cyberattacks using a malware family called SOCKSBOT was used by a threat group in an 18-month-long campaign dubbed Goldfin. Learn more.
Hogfish alert
By Joshua Ray
April 23, 2018
HOGFISH, also known as APT10, is an espionage threat group that has been heavily targeting Japan and Western organizations since as early as 2009. Learn more.
Monero/WannaMine alert
By Joshua Ray
March 22, 2018
Monero is rapidly becoming the cryptocurrency of choice in the cybercriminal underground economy. Learn more.
Elise malware alert
By Joshua Ray
January 28, 2018
After the first attack in 2015, a new form of the Elise malware has been identified by the iDefense team in Accenture Security. Learn more.
TRITON/TRISIS malware alert
By Joshua Ray
January 23, 2018
TRITON (also known as TRISIS or HatMan) is a destructive malware and framework that can alter and disrupt operations of safety instrumented systems. Learn more.
CRASHOVERRIDE malware alert
By Joshua Ray
January 10, 2018
Examination of a power outage in Kiev, Ukraine in December 2016 identified a malware framework known as CRASHOVERRIDE or INDUSTROYER. Learn more.
WANACRYPT0R malware alert
By Joshua Ray
May 20, 2017
In May 2017, the WanaCrypt0r/WannaCry ransomware attack affected 47 National Health Service trusts in the U.K. Learn more.
View All
Subscription Center
Subscribe to Accenture's Cyber defense blog Subscribe to Accenture's Cyber defense blog
Subscribe