As 2025 comes to a close, we can make some observations regarding the evolution of the double-extortion ransomware attack landscape. The data shown is the result of the enrichment performed within SATAYO starting from the data made available by the Ransomfeed project. The URLs of the Data Leak Sites (DLS) of the various ransomware gangs…
Read MoreWhen periodic reports need to be shared in dedicated spaces, managing documents manually can quickly become a significant burden. Every reporting cycle involves generating and uploading files to multiple SharePoint folders, a time-consuming process that’s also prone to human error. The main challenge lies in handling SharePoint tasks manually, which affects efficiency, consistency, and makes…
Read More
Producing actionable intelligence must be the mindset that every Threat Intelligence analyst must set as their primary objective. The problem of properly integrating Threat Intelligence into Security Operations processes is a recurring one. In this article, I aim to describe the integration process we, at Würth IT, have implemented, which allows us to produce actionable…
Read MoreIn our previous post about Exposure Assessment, we described how we outline a target’s infrastructure using SATAYO, our Cyber Threat Intelligence (CTI) platform. This means that we collected the identifiers of all the target’s machines, i.e., their host names and IP addresses. Now it’s time to understand which machines could allow an attacker to gain…
Read MoreOverview of discovering hostnames and IP addresses using OSINT techniques.
Read More