Security Advisories

CyberStash 2025 Threat Analysis Report

Advisory • High Priority. Over the past year, cyber threat activity has surged in sophistication, blending nation-state espionage tactics with financially motivated cybercrime. Advanced Persistent Threat (APT) groups have expanded their target scope and toolsets, demonstrating agile development and stealth. Campaigns such as those by the Lazarus Group (North Korea) and SideWinder (South Asia) rolled out new malware families and complex infection chains that largely evade traditional defenses. Meanwhile, cybercriminals are weaponizing fileless malware loaders and info-stealers (e.g. PS1Bot, NonEuclid RAT, StealC v2) to achieve similar stealth and impact. Common threads include heavy abuse of legitimate operating system tools ("living off the land"), in-memory or fileless attack techniques, and exploitation of trusted platforms for Command-and-Control (C2). Attackers increasingly leverage malvertising, cloud services, and "bulletproof" hosting infrastructure to bypass traditional security filters. This report provides a comprehensive analysis of these trends, mapping adversary tactics to the MITRE ATT&CK framework, highlighting notable campaigns (both APT and criminal), and distilling recurring indicators of compromise (IOCs) and tools. Crucially, we outline enterprise-grade defensive recommendations for each trend, emphasizing proactive threat hunting, attack surface reduction, and resiliency improvements. Security leaders should take away strategic insights on how threat actors evolved in 2024–2025 and how to bolster…
by | December 23, 2025

BRICKSTORM: Beneath the Security Stack

Advisory • High Priority. BRICKSTORM is a strategic, state-aligned cyber-espionage capability operated by a China-nexus threat actor focused on long-term access, not short-term disruption. Across multiple investigation cycles, it has shown continuous evolution, environmental adaptability, and a clear bias toward stealth, persistence, and strategic positioning rather than speed or scale. Unlike commodity malware, BRICKSTORM is purpose-built for long-dwell espionage. It is deliberately embedded within virtualisation platforms, identity infrastructure, and cloud-adjacent control layers—areas that often sit outside the visibility of traditional endpoint security and default SIEM monitoring. This positioning allows lateral control across entire environments while remaining largely unseen. From an intelligence perspective, BRICKSTORM should be viewed not as a standalone tool, but as a core component of a wider covert access framework supporting Chinese state-aligned cyber operations. Its continued refinement and disciplined operational security reflect an adversary investing in enduring, low-visibility access and future-option strategic leverage, not immediate impact. This report provides a strategic, multi-source intelligence assessment of the BRICKSTORM campaign, translating adversary tradecraft into executive-level risk, intent, and defensive priorities for organisations and national stakeholders.
by | December 9, 2025

Reducing Exposure to Bulletproof Hosting

Advisory • High Priority. Cybercriminals increasingly rely on Bulletproof Hosting (BPH) providers—services that knowingly lease hosting, IP space, or entire ASNs to threat actors while ignoring abuse complaints and takedown requests. These networks provide a safe haven for malware delivery, phishing, fast-flux DNS, command-and-control, and data-extortion operations. BPH infrastructure is often blended into legitimate networks, using leased IP blocks and rapidly rotating ASNs to evade detection. This creates a difficult balance for defenders: block too aggressively and risk disrupting legitimate services; block too narrowly and leave malicious infrastructure untouched. The growth of BPH services amplifies cyber risk by enabling high-impact attacks such as ransomware, large-scale phishing, and data-extortion campaigns with minimal operational cost to attackers. Their constant infrastructure churn, cross-jurisdictional hosting, and opaque ownership make attribution and disruption significantly harder. In this environment, intelligence-led visibility into BPH infrastructure is essential. Without the ability to identify malicious ASNs, TLDs, and traffic patterns, organisations remain reactive while adversaries exploit resilient hosting to operate at scale. This report outlines how bulletproof hosting fuels modern cyber threats and provides clear, actionable strategies for reducing organisational exposure and improving resilience.
by | November 27, 2025