Home

Blog

Apr 2025

Threat Hunting Blog

Threat Hunting Blog

Threat Hunting Blog

Check out our latest threat hunting articles, tips and stories

Check out our latest threat hunting articles, tips and stories

Check out our latest threat hunting articles, tips and stories

APT34-Like Threat Infrastructure Uncovered Before Activation
Apr 22, 2025

Track APT34-Like Infrastructure Before It Strikes

APT34-like infrastructure mimicking an Iraqi academic institute and fake UK tech firms reveals early-stage staging on M247 servers. Learn what to track

Threat Research

KeyPlug Server Exposes Fortinet Exploits & Webshell Activity Targeting a Major Japanese Company
Apr 17, 2025

KeyPlug-Linked Server Briefly Exposes Fortinet Exploits, Webshells, and Recon Activity Targeting a Major Japanese Company

Briefly exposed KeyPlug infrastructure revealed Fortinet exploits, encrypted webshells, and recon scripts targeting Shiseido, a major Japanese enterprise. Learn more..

Threat Research

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight
Apr 15, 2025

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight

Phishing campaign evades detection with server-side logic. See how employee portals are targeted—and how defenders can uncover them. Learn more.

Threat Research

GoPhish Infrastructure Targets Polish Energy and Government
Apr 10, 2025

GoPhish Framework Leveraged to Target Polish Government Regulator and Energy Sector

Explore how the GoPhish framework was leveraged to stage infrastructure and domains spoofing Polish government and energy entities.

Threat Research

Hunt.io Insights: Gamaredon’s Flux-Like Infrastructure and a Look at Recent ShadowPad Activity
Apr 8, 2025

State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure

Explore Gamaredon’s flux-like DNS and ShadowPad malware infrastructure, with insights into how these attacker networks are configured, rotated, and maintained.

Threat Research

Proactive ClickFix Threat Hunting with Hunt.io
Apr 3, 2025

Identifying ClickFix Exploits: A Case Study in Proactive Threat Hunting

Learn how Hunt.io identifies early-stage ClickFix delivery pages across the web using advanced search capabilities to stay ahead of exploitation attempts.

Threat Research

Russian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing Campaign
Apr 1, 2025

Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs

Learn how a Russian-speaking threat actor has evolved from impersonating EFF to now deploying Cloudflare-themed phishing with Telegram-based C2.

Threat Research

APT34-Like Threat Infrastructure Uncovered Before Activation
Apr 22, 2025

Track APT34-Like Infrastructure Before It Strikes

APT34-like infrastructure mimicking an Iraqi academic institute and fake UK tech firms reveals early-stage staging on M247 servers. Learn what to track

Threat Research

KeyPlug Server Exposes Fortinet Exploits & Webshell Activity Targeting a Major Japanese Company
Apr 17, 2025

KeyPlug-Linked Server Briefly Exposes Fortinet Exploits, Webshells, and Recon Activity Targeting a Major Japanese Company

Briefly exposed KeyPlug infrastructure revealed Fortinet exploits, encrypted webshells, and recon scripts targeting Shiseido, a major Japanese enterprise. Learn more..

Threat Research

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight
Apr 15, 2025

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight

Phishing campaign evades detection with server-side logic. See how employee portals are targeted—and how defenders can uncover them. Learn more.

Threat Research

GoPhish Infrastructure Targets Polish Energy and Government
Apr 10, 2025

GoPhish Framework Leveraged to Target Polish Government Regulator and Energy Sector

Explore how the GoPhish framework was leveraged to stage infrastructure and domains spoofing Polish government and energy entities.

Threat Research

Hunt.io Insights: Gamaredon’s Flux-Like Infrastructure and a Look at Recent ShadowPad Activity
Apr 8, 2025

State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure

Explore Gamaredon’s flux-like DNS and ShadowPad malware infrastructure, with insights into how these attacker networks are configured, rotated, and maintained.

Threat Research

Proactive ClickFix Threat Hunting with Hunt.io
Apr 3, 2025

Identifying ClickFix Exploits: A Case Study in Proactive Threat Hunting

Learn how Hunt.io identifies early-stage ClickFix delivery pages across the web using advanced search capabilities to stay ahead of exploitation attempts.

Threat Research

Russian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing Campaign
Apr 1, 2025

Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs

Learn how a Russian-speaking threat actor has evolved from impersonating EFF to now deploying Cloudflare-themed phishing with Telegram-based C2.

Threat Research

APT34-Like Threat Infrastructure Uncovered Before Activation
Apr 22, 2025

Track APT34-Like Infrastructure Before It Strikes

APT34-like infrastructure mimicking an Iraqi academic institute and fake UK tech firms reveals early-stage staging on M247 servers. Learn what to track

Threat Research

KeyPlug Server Exposes Fortinet Exploits & Webshell Activity Targeting a Major Japanese Company
Apr 17, 2025

KeyPlug-Linked Server Briefly Exposes Fortinet Exploits, Webshells, and Recon Activity Targeting a Major Japanese Company

Briefly exposed KeyPlug infrastructure revealed Fortinet exploits, encrypted webshells, and recon scripts targeting Shiseido, a major Japanese enterprise. Learn more..

Threat Research

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight
Apr 15, 2025

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight

Phishing campaign evades detection with server-side logic. See how employee portals are targeted—and how defenders can uncover them. Learn more.

Threat Research

GoPhish Infrastructure Targets Polish Energy and Government
Apr 10, 2025

GoPhish Framework Leveraged to Target Polish Government Regulator and Energy Sector

Explore how the GoPhish framework was leveraged to stage infrastructure and domains spoofing Polish government and energy entities.

Threat Research

Hunt.io Insights: Gamaredon’s Flux-Like Infrastructure and a Look at Recent ShadowPad Activity
Apr 8, 2025

State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure

Explore Gamaredon’s flux-like DNS and ShadowPad malware infrastructure, with insights into how these attacker networks are configured, rotated, and maintained.

Threat Research

Proactive ClickFix Threat Hunting with Hunt.io
Apr 3, 2025

Identifying ClickFix Exploits: A Case Study in Proactive Threat Hunting

Learn how Hunt.io identifies early-stage ClickFix delivery pages across the web using advanced search capabilities to stay ahead of exploitation attempts.

Threat Research

Russian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing Campaign
Apr 1, 2025

Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs

Learn how a Russian-speaking threat actor has evolved from impersonating EFF to now deploying Cloudflare-themed phishing with Telegram-based C2.

Threat Research

APT34-Like Threat Infrastructure Uncovered Before Activation
Apr 22, 2025

Track APT34-Like Infrastructure Before It Strikes

APT34-like infrastructure mimicking an Iraqi academic institute and fake UK tech firms reveals early-stage staging on M247 servers. Learn what to track

Threat Research

KeyPlug Server Exposes Fortinet Exploits & Webshell Activity Targeting a Major Japanese Company
Apr 17, 2025

KeyPlug-Linked Server Briefly Exposes Fortinet Exploits, Webshells, and Recon Activity Targeting a Major Japanese Company

Briefly exposed KeyPlug infrastructure revealed Fortinet exploits, encrypted webshells, and recon scripts targeting Shiseido, a major Japanese enterprise. Learn more..

Threat Research

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight
Apr 15, 2025

Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight

Phishing campaign evades detection with server-side logic. See how employee portals are targeted—and how defenders can uncover them. Learn more.

Threat Research

GoPhish Infrastructure Targets Polish Energy and Government
Apr 10, 2025

GoPhish Framework Leveraged to Target Polish Government Regulator and Energy Sector

Explore how the GoPhish framework was leveraged to stage infrastructure and domains spoofing Polish government and energy entities.

Threat Research

Hunt.io Insights: Gamaredon’s Flux-Like Infrastructure and a Look at Recent ShadowPad Activity
Apr 8, 2025

State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure

Explore Gamaredon’s flux-like DNS and ShadowPad malware infrastructure, with insights into how these attacker networks are configured, rotated, and maintained.

Threat Research

Proactive ClickFix Threat Hunting with Hunt.io
Apr 3, 2025

Identifying ClickFix Exploits: A Case Study in Proactive Threat Hunting

Learn how Hunt.io identifies early-stage ClickFix delivery pages across the web using advanced search capabilities to stay ahead of exploitation attempts.

Threat Research

Russian-Speaking Threat Actor Abuses Cloudflare & Telegram in Phishing Campaign
Apr 1, 2025

Same Russian-Speaking Threat Actor, New Tactics: Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs

Learn how a Russian-speaking threat actor has evolved from impersonating EFF to now deploying Cloudflare-themed phishing with Telegram-based C2.

Threat Research

Page 1 / 10

Previous
Next

Categories :

Categories :

Categories :

All
Threat Research
Product News
All
Threat Research
Product News

Archives :

Archives :

Archives :

May 2025

2

May 2025

2

May 2025

2

Apr 2025

7

Apr 2025

7

Apr 2025

7

Mar 2025

7

Mar 2025

7

Mar 2025

7

Feb 2025

7

Feb 2025

7

Feb 2025

7

Jan 2025

7

Jan 2025

7

Jan 2025

7

Dec 2024

5

Dec 2024

5

Dec 2024

5

Nov 2024

6

Nov 2024

6

Nov 2024

6

Oct 2024

9

Oct 2024

9

Oct 2024

9

Sep 2024

4

Sep 2024

4

Sep 2024

4

Aug 2024

4

Aug 2024

4

Aug 2024

4

Jul 2024

5

Jul 2024

5

Jul 2024

5

Jun 2024

7

Jun 2024

7

Jun 2024

7

May 2024

4

May 2024

4

May 2024

4

Apr 2024

4

Apr 2024

4

Apr 2024

4

Mar 2024

5

Mar 2024

5

Mar 2024

5

Feb 2024

5

Feb 2024

5

Feb 2024

5

Jan 2024

3

Jan 2024

3

Jan 2024

3

Nov 2023

1

Nov 2023

1

Nov 2023

1

Oct 2023

3

Oct 2023

3

Oct 2023

3

Sep 2023

3

Sep 2023

3

Sep 2023

3

Aug 2023

2

Aug 2023

2

Aug 2023

2
Threat Hunting Blog: Latest Threat Intelligence Research

Threat Hunting Platform

Products

Web Interface

Feeds

Enrichment API

Features

AttackCapture™

HuntSQL™

C2 Detection

IOC Hunter

Phishing Infrastructure

Resources

Blog

Change Log

Support Docs

Malware Families

Glossary

Company

About Us

Use Cases

Testimonials

OEM Partners

Contact Us

Latest News

Unmasking Proxy Infrastructure: How to Detect IOX, FRP, Rakshasa Proxies with Hunt.io

Unmasking Proxy Infrastructure: How to Detect IOX, FRP, Rakshasa Proxies with Hunt.io

May 8, 2025

APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux

APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux

May 5, 2025

Track APT34-Like Infrastructure Before It Strikes

Track APT34-Like Infrastructure Before It Strikes

Apr 22, 2025

©2025

Hunt Intelligence, Inc.

Terms & Conditions

|

Privacy Policy

Threat Hunting Blog: Latest Threat Intelligence Research

Threat Hunting Platform

Products

Web Interface

Feeds

Enrichment API

Features

AttackCapture™

HuntSQL™

C2 Detection

IOC Hunter

Phishing Infrastructure

Resources

Blog

Change Log

Support Docs

Malware Families

Glossary

Company

About Us

Use Cases

Testimonials

OEM Partners

Contact Us

Latest News

Unmasking Proxy Infrastructure: How to Detect IOX, FRP, Rakshasa Proxies with Hunt.io

Unmasking Proxy Infrastructure: How to Detect IOX, FRP, Rakshasa Proxies with Hunt.io

May 8, 2025

APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux

APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux

May 5, 2025

Track APT34-Like Infrastructure Before It Strikes

Track APT34-Like Infrastructure Before It Strikes

Apr 22, 2025

©2025

Hunt Intelligence, Inc.

Terms & Conditions

|

Privacy Policy

Threat Hunting Blog: Latest Threat Intelligence Research

Threat Hunting Platform

Products

Web Interface

Feeds

Enrichment API

Features

AttackCapture™

HuntSQL™

C2 Detection

IOC Hunter

Phishing Infrastructure

Resources

Blog

Change Log

Support Docs

Malware Families

Glossary

Company

About Us

Use Cases

Testimonials

OEM Partners

Contact Us

Latest News

Unmasking Proxy Infrastructure: How to Detect IOX, FRP, Rakshasa Proxies with Hunt.io

Unmasking Proxy Infrastructure: How to Detect IOX, FRP, Rakshasa Proxies with Hunt.io

May 8, 2025

APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux

APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux

May 5, 2025

Track APT34-Like Infrastructure Before It Strikes

Track APT34-Like Infrastructure Before It Strikes

Apr 22, 2025

©2025

Hunt Intelligence, Inc.

Terms & Conditions

|

Privacy Policy