CYBER THREAT INTELLIGENCE BLOG


Work Smarter in 2025: 7 Benefits of Automating CTI into SOC Activities

“Get stronger without any physical effort.” No, unfortunately we’re not talking about that new year’s weight-lifting resolution you scribbled on a napkin — we’re focused on your cybersecurity posture. It might sound too good to be true, but there’s one way to strengthen your cybersecurity without adding headcount to the SOC team or finding more hours in the day — and that’s automating Cyber Threat Intelligence (CTI) into day-to-day Security Operation Center (SOC) processes. This article looks at seven business benefits of making this shift, and describes how organizations can see measurable value while making SOC operations leaner and more agile, by integrating CTI within existing SIEM and SOAR solutions.

Alibaba’s Qwen 2.5-VL Model is Also Vulnerable to Prompt Attacks

China’s AI: Alibaba’s Qwen 2.5 Shows Structural Weaknesses Similar to DeepSeek. Qwen 2.5-VL can be jailbroken using prefix injection techniques, a method that exploits the inherent text-completion nature of the LLM. By asking the model to use a seemingly harmless prefix, attackers trick it into providing harmful outputs. In testing, Qwen 2.5-VL provided detailed instructions on crafting fraudulent email templates, a clear indication that its safety measures can be circumvented.

DeepSeek R1 Exposed: Security Flaws in China’s AI Model

DeepSeek R1, the latest AI model to emerge from China, is making waves in the tech world. Touted as a breakthrough in reasoning capabilities, it has sparked excitement across industries and even impacted AI-linked stocks globally. With its ability to tackle complex problems in math, coding, and logic, DeepSeek R1 is being positioned as a challenger to AI giants like OpenAI. But behind the hype lies a more troubling story. DeepSeek R1’s remarkable capabilities have made it a focus of global attention, but such innovation comes with significant risks. While it stands as a strong competitor in the generative AI space, its vulnerabilities cannot be ignored.

Is GDLockerSec Really Targeting AWS?

In January 2025, a new alleged ransomware group named GDLockerSec emerged, sharing details of a few victims on their website. Interestingly, the group made the bold claim of targeting a high-value entity, Amazon’s AWS. KELA has investigated this assertion.

Preventing Phishing Attacks, Before They Catch You

Global phishing attacks increased by 34% in 2024 compared with 2023, with the HoxHunt Phishing Trends Report identifying millions of new phishing sites reported monthly. 91% of these cyberattacks start with a simple phishing email, where attackers aim to deliver malware or steal credentials through a user’s inadvertent click on a malicious link. (“Wait, so I didn’t win a free iPad?”) Understanding the anatomy of a phishing attack is a crucial step in defending customers from a phishing scam that takes advantage of your brand to launch an attack. After all, when a customer (or employee) falls victim to a phishing scam from a company impersonating your own — they won’t care that you didn’t even know it was happening. The reputational damage and the blame may still fall squarely at your door.

IntelBroker Unmasked: KELA’s In-Depth Analysis of a Cybercrime Leader

In the ever-evolving world of cybercrime, IntelBroker has emerged as one of its most prominent figures. Known for his high-profile breaches, IntelBroker’s actions have shaken both corporations and government entities alike. At KELA, our deep dive into his online presence has revealed valuable insights, with OSINT traces playing a pivotal role in uncovering his connections. This blog provides a detailed summary of our findings, highlighting the critical intelligence available in KELA’s comprehensive threat actor profile.

Infostealers Under the Spotlight: What are Infostealers and Why Do You Need to Know?

Information-stealing malware (or infostealers to their friends) is a kind of malware designed to steal sensitive information from an infected device, also known as a bot. Once stolen, the malware creates records of the stolen information, known as logs, and attackers then monetize these harvested logs either by selling them on, or by launching a direct attack, such as ransomware, using these logs for initial access. Examples of infostealers include RedLine Stealer, Raccoon Stealer, Vidar, Meta Stealer, Lumma, Stealc and RisePro.

How do infostealers infect devices, what information can infostealers harvest, and how does this information compromise your organization’s security? Keep reading for the answers.

Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives?

The September 2024 Telegram policy change has caused cybercriminals to wonder if they can continue their operations on the platform: it included shifting from a privacy-first approach to sharing users’ phone numbers and IP addresses with law enforcement for various criminal investigations, beyond just terrorism cases, and a commitment to cooperate with authorities in criminal investigations. After all of the strong reactions, and given the circumstances, it seemed that Telegram could lose its status as the go-to platform for cybercriminals, pushing them to find new spaces to continue their activities. But three months later, what has really changed?

The Role of a Threat Intelligence Analyst

From ingesting Indicators of Compromise (IoC) and threat intelligence feeds to building fully-integrated teams that conduct full-scale investigations and threat hunting activities, Cyber Threat Intelligence (CTI) holds a crucial role in an organization. Threat intelligence analysts provide the actionable insights that CTI teams use to inform their decision making, and to effectively bolster and improve an organization’s security posture.

Without threat intelligence analysts, organizations are often left in the dark, addressing incidents reactively as they occur, rather than preventing them ahead of time in a proactive or offensive way. In contrast, with actionable intelligence in place, resilience against cyberattacks becomes so much easier.