New Year’s Reconnaissance Resolutions!

Cyjax operates in dark web spaces to enhance intelligence for clients, helping them understand potential threats and mitigate risks. The company monitors threat actor activities, particularly in the reconnaissance phase of cyberattacks, which plays a critical role in threat intelligence. Recent surges in credential requests, influenced by geopolitical events, highlight the growing danger from hacktivists and the dynamic nature of cyber threats.

Affected: Cybersecurity sector, Organizations, Individuals

Key points:

  • Cyjax provides insights from the dark web to inform clients of evolving threats.
  • The reconnaissance phase is crucial and complex in the context of cyberattacks.
  • Initial Access Broker (IAB) communications are important for cyber threat intelligence (CTI).
  • Threat actors are increasingly compromising human defenses, termed “People are the new Perimeter”.
  • Telegram channels are actively used for sharing tactics and credential information among threat actors.
  • In January 2025, there was a notable increase in credential requests due to significant geopolitical events.
  • The National Cyber Security Centre (NCSC) anticipates increased hacktivist activities and ransomware developments.
  • Future geopolitical and technological shifts are expected to impact the cyber landscape significantly.

MITRE Techniques:

  • T1589 (Gather Victim Identity Information): Used to gather credentials (T1589.001), employee email addresses (T1589.002), and employee names (T1589.003).
  • T1591 (Gather Victim Org Information): Used to acquire physical locations (T1591.001) and identify roles within an organization (T1591.004).
  • T1593 (Search Open Websites / Domains): Includes searching through social media (T1593.001) and code repositories (T1593.003).

Indicators of Compromise:

  • Domain: telegram[.]com
  • Domain: cyjax[.]com


Full Story: https://www.cyjax.com/resources/blog/new-years-reconnaissance-resolutions/