Tag

#Infrastructure Intelligence

5 articles covering Infrastructure Intelligence across campaign analysis, detection engineering, and defender tradecraft.

Coverage

5 entries

Field Analysis

Blue TeamInfrastructure IntelligenceJun 12, 202613 min read

Trusted Notification Systems Are Becoming Phishing Delivery

Scammers abusing a real Microsoft account-alert sender are part of a wider pattern: attackers are turning legitimate SaaS notification workflows into authenticated phishing infrastructure.

Kali365 Outgrows Microsoft 365: Operator Pivots to Okta, AWS, and a Russian-Language Cluster

Arctic Wolf's June 2 follow-up describes the Kali365 operator expanding well beyond Microsoft 365: Okta SSO, Xerox DocuShare, AWS-style endpoints, and a Russian-language cluster including MAX Messenger account takeover via real SMS OTPs. Proofpoint's research places the kit inside a broader cluster of AI-generated device-code lookalikes.

TrapDoor's Cross-Ecosystem Campaign Adds AI-Assistant Poisoning to Supply-Chain Tradecraft

Socket attributes a coordinated supply-chain campaign called TrapDoor to roughly thirty-four packages across npm, PyPI, and Crates.io, with ecosystem-specific execution paths and a new twist: planted .cursorrules and CLAUDE.md files designed to influence the developer's AI coding assistant.

Kali365 and the Productization of Token Theft

An FBI-flagged phishing-as-a-service kit rents Microsoft 365 token theft for $250 a month, packaging device-code and OAuth abuse into a point-and-click dashboard that defeats MFA without a fake login page.

Trusted Email Infrastructure Is Now Part of the Phishing Supply Chain

Abuse of legitimate email services such as Amazon SES shows why authentication pass results are not the same thing as sender trust.

By PhishPond Desk

#Infrastructure Intelligence

Coverage

Browse Other Tags