
Cyber Threat Intelligence
Intelligence from real engagements.
Every CINDR threat report is derived from live IR work and malware reverse engineering — not open-source aggregation. Actionable intelligence for defenders who can't afford to miss.
Lazarus Group: Supply Chain Attack Campaign
Analysis of a sophisticated supply chain attack targeting software development companies. This report details reconnaissance techniques, payload delivery mechanisms, and persistence methods used by the Lazarus Group in their 2024 campaign.
APT28: Infrastructure and Operational Security Evolution
Deep dive into the command and control infrastructure operated by APT28. This report reveals new operational security measures, hosting providers, and domain generation algorithms discovered in Q3/Q4 2024.
Volt Typhoon: Maritime Sector Targeting Intelligence
Intelligence regarding Volt Typhoon operations targeting maritime infrastructure and port authorities. This report details initial access vectors, living-off-the-land techniques, and evidence of pre-positioning for disruptive operations.
Scattered Spider: Ransomware Operation Evolution
Analysis of the evolution in Scattered Spider's ransomware operations over the past year. This report covers new variants, changing victim profiles, and emerging defense evasion techniques.
FIN13: Financial Sector Data Exfiltration
Comprehensive report on FIN13's targeting of major financial institutions. Details on social engineering tactics, internal reconnaissance, and database exfiltration capabilities.
Emotet Resurgence: Malware-as-a-Service Infrastructure Rebuild
Analysis of the Emotet malware resurgence following takedown recovery efforts. This report documents the rebuilt botnet infrastructure, new distribution methods, and engagement with other malware families.