Blog | Threat Intelligence & Memory Forensics

Threat Intelligence

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows

April 22, 2025

Charlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster

Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) accounts of targeted […]

Threat Intelligence

GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically

April 1, 2025

Killian Raimbaud and Paul Rascagneres

In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries and the […]

Threat Intelligence

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

February 13, 2025

Charlie Gardner, Steven Adair, and Tom Lancaster

Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried […]

Threat Intelligence

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access

November 22, 2024

Sean Koessel, Steven Adair, and Tom Lancaster

In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had […]

Threat Intelligence

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

November 15, 2024

Callum Roxan, Charlie Gardner, and Paul Rascagneres

[Update: At the time of publication, this vulnerability had not been addressed by Fortinet. On December 18, 2024, Fortinet published a public acknowledgement of the issue, affected versions, as well […]

Threat Intelligence

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

August 2, 2024

Ankur Saini, Paul Rascagneres, Steven Adair, and Tom Lancaster

In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those […]

Threat Intelligence

DISGOMOJI Malware Used to Target Indian Government

June 13, 2024

Volexity Threat Research

Note: Volexity has reported the activity described in this blog and details of the impacted systems to CERT at the National Informatics Centre (NIC) in India. In 2024, Volexity identified […]

Memory Forensics

Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices

May 15, 2024

Volexity Threat Research

Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. Palo […]

Volexity Blog

Published research by Volexity's Threat Intelligence and Incident Response teams, as well as topics covering memory analysis and memory forensics.