Labs Archive

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

Aleksandar Milenkoski & Tom Hegel / June 9, 2025

This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.

Security Research

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

Tom Hegel, Kenneth Kinion (Validin) & Sreekar Madabushi (Validin) / May 8, 2025

FreeDrain is a modern, scalable phishing operation exploiting weaknesses in free publishing platforms to steal cryptocurrency on a global scale.

Adversary

Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries

Tom Hegel, Aleksandar Milenkoski & Jim Walter / April 28, 2025

This report highlights a rarely-discussed but crucially important attack surface: security vendors themselves

Crimeware

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

Alex Delamotte & Jim Walter / April 9, 2025

AkiraBot uses OpenAI to generate custom outreach messages to spam chat widgets and website contact forms at scale.

LABScon

LABScon24 Replay | A Walking Red Flag (With Yellow Stars)

LABScon / March 31, 2025

Dakota Cary and Eugenio Benincasa explore China's CTF ecosystem, highlighting competitions held by the Ministry of State Security and the PLA.

LABScon

LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware

LABScon / March 26, 2025

Jim Walter reveals how a recent leak provided insight into how Kryptina RaaS has been adapted for use in enterprise attacks.

LABScon

LABScon24 Replay | Resilience and Protection in the Windows Ecosystem

LABScon / March 12, 2025

Kim Zetter interviews David Weston on topics such as the fallout from the CrowdStrike outage, Windows Recall and improving Microsoft security.

LABScon

LABScon24 Replay | Farmyard Gossip: The Foreign Footprint in US Agriculture

LABScon / March 5, 2025

Kristin Del Rosso & Madeleine Devost explore the growing trend of foreign ownership of farmland and its implications for national security.

Adversary

Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition

Tom Hegel / February 25, 2025

Latest Ghostwriter campaign brings Belarusian opposition into its sights for the first time as it continues weaponizing XLS docs to drop malware.

Security & Intelligence

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

Alex Delamotte, Aleksandar Milenkoski & Dakota Cary / February 21, 2025

Data leak reveals how a top tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

LABScon24 Replay | A Walking Red Flag (With Yellow Stars)

LABScon24 Replay | Kryptina RaaS: From Unsellable Cast-off to Enterprise Ransomware

LABScon24 Replay | Resilience and Protection in the Windows Ecosystem

LABScon24 Replay | Farmyard Gossip: The Foreign Footprint in US Agriculture

Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace