🚨 NEW THREAT RESEARCH 🚨 Today, we released findings on a retail and crypto phishing network that appears to be ramping up its activities for the holiday season. During our investigation, we uncovered critical details linking these threat actors to a bank account in India. Collaborating with our colleagues at https://hubs.ly/Q02_k7bl0 Industries, we also supported takedown efforts on some of the infrastructure. Impressively, within 30 minutes of reporting to Stark, not only was the malicious infrastructure dismantled, but we also received intelligence on 34 additional IPs tied to the threat actors – connecting their retail phishing schemes to a broader crypto phishing operation.
Brands targeted by this phishing network include:
🛍️ Etsy, Allegro, AliExpress, Amazon, ASOS, Best Buy, Costco, eBay, Flipkart, Rakuten, Shopee, Temu, Wayfair, Wish
💰 Binance, Kraken
📱 TikTok
We’ve named this operation the “Aggressive Inventory Zombies.” 🧟♂️
👉 Read the full investigation here: https://hubs.ly/Q02_kjjx0
As always, our team remains committed to preemptively uncovering and dismantling these threats. Stay vigilant this holiday season! #cybersecurity #phishing #threat #research #silentpush
Silent Push
Computer and Network Security
Reston, Virginia 4,412 followers
Detect and protect against adversaries with Indicators of Future Attack.
About us
Discover unknown threats with Indicators of Future Attacks (IOFAs). We're the first and only provider to reveal unique threat patterns across all attacker infrastructure through our proprietary behavior modeling that exposes attacker intent.
- Website
- https://www.silentpush.com
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Reston, Virginia
- Type
- Privately Held
- Founded
- 2020
- Specialties
- Threat Intelligence, Cyber Security, Network Defense, Threat Feeds, and Ransomware
Locations
- Primary
  12020 Sunrise Valley Dr
  Suite 100
  Reston, Virginia 20191, US
Employees at Silent Push
- Steven Booth
- Alex Doll, Founder and Managing Member, Ten Eleven Ventures
- Ron Burns, Sr. Director Federal Sales - Silent Push - Know First! Detect & Protect using Indicators of Future Attack.
- Martijn Grooten, Cybersecurity consultant // Digital Security Technologist at Internews // Threat Intelligence Researcher at Silent Push
Updates
-
Silent Push reposted this
It’s a big research day and we’ve got a doozy. Today, our team at Silent Push released a report that we’ve been working on for the last month, about a series of threats that have been abusing a cracked version of the Acunetix Web App & API scanner from Invicti. Read our public report @ https://lnkd.in/gSpif-mi These cracked tools abusing Acunetix are basically versions of the legit enterprise scanner and are being used for finding web & API vulnerabilities – essentially reconnaissance for future attacks. Our team first heard about this due to one of our research sharing partners being targeted with one of the scanners. The most prominent effort to abuse a cracked copy of Acunetix is a tool called “Araneida scanner” – this was first mentioned publicly last year as having the SSL certificate from Acunetix from Chris D. at TLP R3D Intelligence Ltd. Our team was able to acquire additional details about how Araneida works, and can report that the threat actors behind this are openly bragging in a Telegram channel about how many successful attacks the software has facilitated. These threat actors are also selling large sets of user data acquired through vulnerabilities found via Araneida, and have bragged about buying luxury cars with the illicit revenue. We also found a second threat actor with a cracked version of the Acunetix product – but these folks use Mandarin on their login page and are seemingly connected with China. We didn’t find a public sales process for this second version of the cracked scanner, but it’s important to appreciate that the Chinese threat actors APT 41 have been cited as using Acunetix in past reconnaissance efforts, and while we don’t have anything directly tying this to them, it’s possible the IPs hosting this Chinese language panel for the cracked version of Acunetix are associated with this serious APT group. 
The majority of the details in our report are about Araneida, as there appear to be far more threat actors using it, and the details are much more transparently exposed on their public website and Telegram channel. And to make matters even more interesting, in the course of working with the brilliant Brian Krebs from Krebs on Security to help report this story, he was able to figure out the name of the admin behind Araneida – and connected him to a digital marketing firm in Ankara, Turkey. The admin clearly has a history of supporting malicious attacks, while also having a day job that appears to involve normal web development work. Read the Krebs report @ https://lnkd.in/grGAndKj Our team believes that threat actors abusing cracked versions of Acunetix is a new threat vector for numerous enterprise organizations. Keep your eyes peeled for that scanner hitting your endpoints! As always, thank you to our research sharing partners who helped us get this lead and dig more into this evolving threat. 🖖
-
🚨 NEW THREAT RESEARCH: Threat Actors Exploiting Cracked Vulnerability Scanners We're back already with some more research to keep you on your toes this holiday season! Our Silent Push Threat Analysts have uncovered alarming evidence of cracked versions of popular web vulnerability testing tools being abused by malicious actors: 1️⃣ Araneida Scanner: This tool, based in part on a cracked version of Acunetix, is being leveraged for illicit activities. 2️⃣ Unidentified Scanner: Another cracked tool, featuring a login panel in Mandarin, is likely abusing Acunetix software to conduct reconnaissance for future cyberattacks. Read the full analysis: https://hubs.ly/Q030jF_q0 --- Ready to detect cyber threats before they strike? Get a demo today of our all-in-one cyber intelligence platform: https://hubs.ly/Q030jFVY0 💪 #cybersecurity #threatintelligence #CTI #araneida #mandarin #threatactor #research
-
Adversary infrastructure changes by the day, and yesterday’s threat intelligence is already outdated. Is your team prepared to detect threats before they strike? ⚔️ Join cybersecurity experts Noah Plotkin from Silent Push and Christoph Hellmeier from Aqaio to discover how Indicators of Future Attack (IOFAs) can help you stay one step ahead of Advanced Persistent Threats. 📌 Reserve your spot now: https://hubs.ly/Q0306YVT0 📅 January 21st, 2025 ⏰ 1500 CET | 0900 EST 🖥️ Location: Online via Zoom ⏳ Duration: 40 minutes #cyberthreatintelligence #APT #preemptivethreatintelligence #webinar #CTI #silentpush #aqaio
-
Have you heard about Indicator of Future Attack (IOFA) Feeds? If not, it’s time to rethink your approach to early threat detection. Curated by our expert team of Threat Analysts, IOFA Feeds provide real-time, preemptive insights into attacker behavior and intent. In contrast to traditional threat intelligence feeds, IOFA feeds: 🛡️ are free of false positives, allowing your team to cut through the noise 🛡️ are continuously updated and dependable 🛡️ provide enhanced context for each and every URL, IP or domain 💪 Exclusive to Silent Push, these feeds shine a light on hidden adversary infrastructure, empowering your team to block attacks before any damage occurs. Ready to see how IOFA Feeds can help your team preemptively detect threats? Let’s make it happen: https://hubs.ly/Q0300YTJ0 #threatfeeds #threatintelligence #IOFA #silentpush #CTI #cybersecurity
-
🎉 New Partnership Announcement! We’re excited to partner with cyber threat intelligence consultancy Machina Record to offer early global threat detection services to its customers to block attacks and reduce the risk of reputational damage. 🔒 Threat actors continue to advance their strategies leveraging GenAI to quickly form an attack. Without preemptive cyber defense, companies are exposed and vulnerable to hidden adversary infrastructure. By leveraging our Indicators of Future Attack (IOFA) data, we empower organizations to identify attacker behavior and intent EARLY, before any damage occurs. Learn more about how this partnership can protect your organization: https://hubs.ly/Q02_V7wn0 #cybersecurity #silentpush #partnership
-
🚨 NEW THREAT RESEARCH 🚨 Our Threat Analysts, in collaboration with research partners, have uncovered an ongoing series of malvertising campaigns exploiting Google Search ads to target graphic design professionals. The campaigns were traced to two IP addresses, with all associated sites leading to malicious downloads. 👉 Read more about the threat (including a list of IOFAs!) and how to stay safe with preemptive threat intelligence: https://hubs.ly/Q02_KB5g0 #cybersecurity #malvertising #staysafe #silentpush #IOFA
Google Advertising Out to Lunch? Simple Pivots Catch an Ongoing Malvertising Campaign Hiding in Plain Sight - Silent Push
silentpush.com
-
Silent Push reposted this
Our team at Silent Push has a spicy piece for a Friday about an ongoing Malvertising campaign that Google has failed to stop for a month, with at least 10 separate malicious domains used to target graphic design and engineering professionals. While we completely understand that tracking threats can be complex -- this current malvertising campaign isn't complex at all. All the domains in this campaign can absolutely be found with basic pivots that hundreds if not thousands of people at Google could easily accomplish. A simple rule in Google advertising and a little automation around a DNS lookup could prevent one campaign after another launching -- yet nothing apparently has been done for an entire month. Day after day, week after week, our team and our research sharing partners kept seeing this same obvious malvertising campaign spun up via unique Google Search advertising accounts -- without any clear efforts by Google to stop this or prevent similar campaigns. And to make matters worse -- each one of these campaigns has been flagged to Google! 100% of the domains launched from this campaign are hosted across 2 IP addresses -- and there are dozens of similarly named domains mapped to these IP addresses. I want to just pause and explain what this means: anyone at Google working to stop malvertising threats or who works on their security teams, could easily take one of these domains that leads to malicious downloads, look up where it's hosted, take 10 seconds to notice the other dozens of similarly named domains also hosted on those IP addresses, and then block future advertising campaigns that launch from those IPs. A little bit of time, a simple rule, and this malvertising campaign would have had 1 successful ad launched, instead of at least 10. We've documented all 10 ads that our research sharing partners caught, and have provided additional details about the IPs in question and our thoughts around the simplicity of these pivots.
Personally, I'm disappointed but not surprised. We know the malvertising threats have been active for years, but to see first hand how a simple campaign was ignored for a month, with clear proof that the threat actors were astroturfing across numerous advertising accounts, and the fact that absolute basic pivots could stop this -- is just proof that Google is out to lunch. If you are in the ad tech industry and have an obligation to stop threats to the public which also impact your own clients, it's time to step up and do the work to track *future* attacks and not just pretend like stopping today's attack is enough. Do the simple pivots to learn how the threat actor is hosting their infrastructure, and when you find a dedicated IP instance filled with suspect domains, flag that shit and prevent future attacks from coming from that same infrastructure. These are day 1 defenses, and doing less is unacceptable. Research link in the comments! ⬇️
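The pivot the post above describes (known-bad domain → hosting IP → co-hosted lookalike domains → block the IP), written out as an added illustration that is not part of the post or of Silent Push's tooling. The resolution records, domain names and IP addresses are constructed placeholders, and the "shares the seed's leading keyword" heuristic for "similarly named" is an assumption:

```python
from collections import defaultdict

# Constructed passive-DNS-style resolutions (domain, IP). Names and addresses
# are illustrative placeholders, not indicators from the Silent Push report.
RECORDS = [
    ("freecad-download.example", "203.0.113.10"),
    ("freecad-downloads.example", "203.0.113.10"),
    ("free-cad-setup.example", "203.0.113.10"),
    ("getfreecad.example", "203.0.113.10"),
    ("unrelated-bakery.example", "203.0.113.10"),
    ("rhino3d-get.example", "203.0.113.11"),
    ("rhino-3d-setup.example", "203.0.113.11"),
    ("corp-intranet.example", "198.51.100.5"),
]


def normalize(domain):
    """Lowercase the label left of the TLD and drop hyphens, so that
    'free-cad-setup' and 'freecadsetup' compare equal."""
    return domain.lower().rsplit(".", 1)[0].replace("-", "")


def keyword(domain):
    """Leading hyphen-delimited token of the seed, e.g. 'freecad'
    (assumed heuristic for the brand/product being impersonated)."""
    return domain.lower().rsplit(".", 1)[0].split("-")[0]


def pivot_from_seed(seed, records, min_lookalikes=3):
    """Start from one confirmed-bad domain, find the IP(s) it resolves to,
    and collect the other domains on those IPs whose names carry the same
    keyword. Returns {ip: {"lookalikes": [...], "hosted": n}} only for IPs
    that host at least min_lookalikes such domains, i.e. the ones worth
    blocking future ad launches from."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        by_ip[ip].add(domain)
    key = keyword(seed)
    flagged = {}
    for ip in {ip for d, ip in records if d == seed}:
        lookalikes = sorted(d for d in by_ip[ip] if key in normalize(d))
        if len(lookalikes) >= min_lookalikes:
            flagged[ip] = {"lookalikes": lookalikes, "hosted": len(by_ip[ip])}
    return flagged


if __name__ == "__main__":
    for ip, info in pivot_from_seed("freecad-download.example", RECORDS).items():
        print(ip, info)
```

The threshold keeps a shared-hosting IP with one or two coincidental matches from being blocked outright; the "hosted" count lets an analyst judge whether the IP is a dedicated instance filled with suspect domains.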
-
Silent Push reposted this
Silent Push isn’t just the name—it’s the game. Quietly but decisively, this Reston-based cybersecurity force is taking the fight to attackers before they even know there’s a battlefield. With a $10M Series A round co-led by Ten Eleven Ventures and StepStone Group LP, the company is scaling its preemptive strike model. Co-founders Ken B. and John Jensen, veterans of FireEye, Inc. and The Email Laundry, have created a platform that doesn’t just track threats—it reads their minds, dismantling malicious infrastructure before the damage begins. Here’s the deal: Silent Push’s platform monitors global threat infrastructure in real time, scouring the digital underbelly for what it calls Indicators of Future Attacks (IOFA). Think of it as the clairvoyant of cybersecurity—an early warning system that scans the entire IPv4 space daily and maps global vulnerabilities with unnerving precision. It’s not reactionary, it’s anticipatory. And in an industry still full of perimeter chasers and breach responders, this is what you call a paradigm shift without the buzzwords. The metrics are as sharp as their approach. With over 3,000 users, including half the #Fortune30, Silent Push isn’t fishing for credibility—it’s already landed the big ones. Its ability to integrate seamlessly into existing frameworks (#SIEM, #XDR, #SOAR, #TIP) ensures that enterprises don’t need to reinvent their workflows to benefit from its intelligence. And if you’re in #healthcare, #finance, or #government, where the stakes are existential, this kind of foresight isn’t just nice to have—it’s mandatory. This is about building something smarter. While the rest of the industry scrambles to react, Silent Push operates in that rarest of arenas: foresight. It’s no wonder they’re doubling down on global expansion in EMEA and APJ and boosting their United States Department of Defense capabilities. 
Because in a world where attackers never sleep, Silent Push stays two steps ahead, quietly but relentlessly reshaping what it means to be secure. #Startups #StartupFunding #Cybersecurity #Security #ThreatProtection #VentureCapital #PrivateEquity #Technology #Innovation #TechEcosystem #StartupEcosystem
-
Traditional Threat Feeds: noisy, outdated, generic, fragmented, and a resource drain. 📉 Did we miss anything? Silent Push IOFA Feeds cut through the noise with curated lists of attacker domains and IPs, tailored for SOC and IR teams: 🛡️ No false positives – focus on real threats 🛡️ Continuously updated – always reliable 🛡️ Rich context – detailed threat analysis for every URL, IP, and domain Powered by our first-party database – the most complete and timely view of global internet-facing infrastructure – IOFAs uncover hidden adversary infrastructure, enabling your team to block attacks before they happen. 💪 See how IOFAs can help your team detect threats early: Let’s make it happen: #threatfeeds #cybersecurity #silentpush #IOFA #CTI #threatintelligence