Telegram Intel Intelligence
Live threat intelligence collected from criminal Telegram channels — real-time threat actor communications, malware distribution campaigns, and first-look intelligence before it hits mainstream reporting.
Telegram Intel — Archive & Latest
TwizAdmin RaaS & Lazarus Mach-O Man: OTX Pulse Analysis — Multi-Stage Crypto Theft & macOS ClickFix
Urgent: TwizAdmin Crypto Clipper/RaaS and Lazarus Mach-O Man active. Credential theft, macOS targeting, and Middle East C2 expansion detected.
TwizAdmin, Mach-O Man & KICS Supply Chain: OTX Pulse Analysis — Enterprise Detection Pack
Active credential theft surge: Lazarus Mach-O Man, TwizAdmin crypto clipper & KICS Docker compromise. Immediate containment required.
QILIN Ransomware Gang: 18 New Victims Posted — High-Volume Attacks on Business & Financial Sectors
Qilin claims 18 new victims, heavily targeting Business & Financial sectors. Urgent patching required for ConnectWise & SmarterMail CVEs.
TwizAdmin, Lazarus Mach-O Man & Supply Chain Attacks: OTX Pulse Analysis — Enterprise Detection Pack
Multi-vector threats targeting credentials: TwizAdmin clipper, Lazarus macOS malware, KICS supply chain compromise, and FrostyNeighbor espionage.
THEGENTLEMEN Ransomware: Critical Infrastructure Exploitation Surge — 15 New Victims in 6 Days
THEGENTLEMEN claims 15 new victims targeting Tech, Mfg, and Logistics. Immediate patching of Cisco FMC & SmarterMail required.
DinDoor Backdoor, AdaptixC2 Beacon, and The Gentlemen RaaS: OTX Threat Landscape Analysis — Detection & Response
Active OTX pulses reveal MuddyWater's Deno-based malware, Tropic Trooper's trojanized PDFs, and The Gentlemen ransomware. Critical detection engineering.
TwizAdmin MaaS & Lazarus Mach-O Man: OTX Pulse Analysis — Cross-Platform C2 & Credential Theft
Urgent: OTX data reveals active TwizAdmin MaaS operation & Lazarus Mach-O Man targeting Finance/Tech. High credential theft risk.
TwizAdmin, Lazarus Mach-O Man, and Supply Chain Attacks: OTX Pulse Analysis — Enterprise Credential Theft Surge
OTX pulses reveal widespread credential theft via TwizAdmin, Lazarus Mach-O Man, and supply chain attacks. High urgency.
QILIN Ransomware: Construction & Tech Sectors Under Siege — ConnectWise & Exchange Exploits Surge
QILIN ransomware active in 6 countries, exploiting ConnectWise and Exchange flaws. Construction and Tech sectors face double extortion threat.
TwizAdmin, Mach-O Man & KICS Supply Chain Compromise: OTX Pulse Analysis — Enterprise Detection Pack
Active campaigns deploying TwizAdmin, PureLogs, and poisoned Docker images targeting credentials and crypto assets. Immediate detection required.
QILIN Ransomware: Aggressive Campaign Targets Construction & Tech — Detection & Intel
QILIN ransomware posts 14 new victims, targeting Construction and Tech sectors via ConnectWise and RDP flaws.
Multi-Vector Credential Theft: TwizAdmin, Mach-O Man, and KICS Supply Chain Compromise
Active campaigns featuring TwizAdmin infostealer, Lazarus macOS malware, and poisoned Checkmarx Docker images targeting credentials.
QILIN Ransomware Gang: Surge in Construction & Tech Sector Attacks — Exploitation Analysis & Detection Rules
QILIN aggressively targets Construction and Tech sectors via ConnectWise and Exchange exploits. Actionable SIGMA rules and IR guidance included.
Lazarus Mach-O Man & TwizAdmin Operation: OTX Pulse Analysis — Multi-Platform Malware & C2 Infrastructure Surge
Lazarus macOS malware, TwizAdmin clipper, and massive Middle Eastern C2 infrastructure detected. High urgency.
TwizAdmin, Lazarus Mach-O Man & Supply Chain Attacks: Cross-Platform Credential Theft
Active OTX pulses reveal cross-platform infostealers (TwizAdmin, Lazarus Mach-O Man) and supply chain attacks (KICS). Immediate credential hunting required.
QILIN Ransomware Gang: 18 New Victims Posted — Critical Infrastructure & Tech Sector Targeting
Qilin posts 18 new victims, targeting Tech & Construction. Immediate patching of ScreenConnect & Exchange required.
The Gentlemen RaaS, Webworm APT, & AI Impersonation Infostealers: OTX Pulse Analysis — Enterprise Detection Pack
OTX pulses reveal active RaaS, China-aligned espionage, and AI-themed SEO poisoning. Urgent hunting required.
TwizAdmin MaaS & Lazarus Mach-O Man: OTX Pulse Analysis — Multi-Platform C2 & ClickFix Detection Pack
OTX Pulse data reveals active TwizAdmin MaaS and Lazarus Mach-O Man campaigns targeting crypto and macOS via ClickFix. Urgency: High.
TwizAdmin MaaS & Lazarus Mach-O Man: Cross-Platform Infostealer Surge — OTX Pulse Analysis
Active campaigns by DataBreachPlus and Lazarus Group using TwizAdmin and Mach-O Man infostealers targeting finance and govt. Urgent detection required.
QILIN Ransomware Campaign Targets Construction & Tech: 20 New Victims Identified
QILIN gang posts 20+ victims targeting Construction and Tech sectors via ScreenConnect and Cisco FMC exploits. Patch immediately.
The Gentlemen RaaS, Webworm APT, and AI SEO Poisoning: OTX Pulse Analysis — Enterprise Detection Pack
RaaS (The Gentlemen) and APT (Webworm) campaigns intersect with AI-themed infostealers targeting developers. Critical detection guidance provided.
TwizAdmin MaaS, Lazarus Mach-O Man & Middle East C2 Surge: OTX Pulse Analysis
Active threats: DataBreachPlus TwizAdmin crypto-stealer, Lazarus macOS ClickFix campaign, & massive Middle East APT C2 infrastructure mapped.
TwizAdmin MaaS, Lazarus Mach-O Man & Ghost CMS Supply Chain: OTX Pulse Analysis
Surge in credential theft via Ghost CMS exploits, steganography loaders, and MaaS operations. Critical urgency for Finance and Gov sectors.
QILIN Ransomware Gang: 21 New Victims Posted — Construction & Manufacturing Sector Alert
QILIN posts 21 new victims targeting construction and manufacturing across the US, GB, and AT. Immediate patching of ScreenConnect and Exchange Server vulnerabilities required.
Webworm APT, FrostyNeighbor Espionage, and Ghost CMS Mass Exploit: OTX Pulse Analysis
China-aligned Webworm & Belarus FrostyNeighbor target Europe; Ghost CMS mass exploits fuel ClickFix attacks. High urgency.
Lazarus & WageMole Campaigns: macOS ClickFix, Mach-O Man & Dev Supply Chain Attacks — OTX Pulse Analysis
Active macOS ClickFix and dev supply chain attacks by Lazarus & WageMole using stealers and RATs. High urgency.
Lazarus & WageMole Infostealer Surge: ClickFix, Supply Chain, and Steganography Tactics — OTX Pulse Analysis
Active credential theft campaigns using ClickFix, malicious Git repos, and steganography. Targets Finance & Tech. High urgency.
QILIN Ransomware: Construction & Manufacturing Under Siege — ConnectWise & Exchange Exploitation Surge
Qilin aggressively targets construction and manufacturing in US/GB. Active exploitation of ConnectWise and Exchange observed. IOCs and detection rules included.
Void Dokkaebi Supply Chain Poisoning & Fox Tempest MSaaS: OTX Pulse Analysis
Analysis of Void Dokkaebi repo poisoning, Fox Tempest signing abuse, and macOS ClickFix stealers targeting developers and enterprises.
Infostealer Surge: Void Dokkaebi, Fox Tempest & PureLogs — OTX Pulse Analysis
Multiple active infostealer campaigns utilize fake job interviews, steganography, and fraudulent code-signing to target devs and enterprises.
QILIN Ransomware Gang: 23 New Victims Posted — Construction & Manufacturing Sector Targeting Analysis & Detection Rules
QILIN posts 23 new victims, heavily targeting construction, manufacturing, and business services across 8 countries. Detection rules included.
Vidar v1.5, Gremlin & Void Dokkaebi: Cross-Platform Credential Harvesting & Supply Chain Threats — OTX Pulse Analysis
Active infostealer campaigns (Vidar, Gremlin) and NK-aligned supply chain attacks target devs and enterprise credentials. Urgency High.
QILIN Ransomware: Construction & Agri-Food Sector Surge — SmarterMail & ScreenConnect Exploitation
QILIN ransomware heavily targets Construction and Agriculture sectors. Immediate patching required for ScreenConnect and SmarterMail KEVs.
Shai-Hulud npm Worm, SHub Reaper macOS Stealer, and Nexcorium IoT Botnet: OTX Pulse Analysis
OTX pulses reveal Shai-Hulud npm supply chain attacks, SHub Reaper macOS spoofing, and Nexcorium IoT exploitation. Critical priority.
Fox Tempest MSaaS, UAT-8616 SD-WAN Attacks, & macOS ClickFix: Enterprise Detection Pack
Active exploitation of Cisco SD-WAN by UAT-8616, Fox Tempest's malware signing service, and macOS ClickFix infostealers.
Fox Tempest, Vidar v1.5 & macOS ClickFix: Enterprise Credential Theft Campaign
Active infostealer campaigns leveraging Fox Tempest-signed binaries, Go-compiled Vidar, and macOS ClickFix scripts targeting credentials.
QILIN Ransomware: Surge in Construction & Service Sector Attacks — Detection & Intel Brief
Qilin claims 27 new victims, aggressively targeting Construction, Healthcare, and Business Services via ScreenConnect and SmarterMail exploits.
Cisco Edge Exploitation: UAT-8616, Interlock & The Gentlemen — Webshell & RaaS Tactics
Active exploitation of Cisco/Fortinet CVEs by UAT-8616, Interlock, and The Gentlemen using webshells, Sliver, and SystemBC.
Vidar v1.5, Gremlin Stealer & Shai-Hulud: Multi-Vector Credential Theft Campaign
Critical Alert: Vidar Go rewrite, Gremlin VM evasion, and npm Shai-Hulud worm active. Urgent credential theft risks identified.
QILIN Ransomware: Global Surge in Business Services & Construction — Detection Rules & CVE Exploitation
Qilin aggressively targets Business Services and Construction via ScreenConnect and SmarterMail vulnerabilities. Immediate patching of CVE-2024-1708 and RCE detection are critical.
CISA KEV Flash: Active Exploitation Detected in Microsoft Exchange & Cisco SD-WAN
CISA flags 2 critical CVEs (Microsoft Exchange & Cisco SD-WAN) under active attack. Immediate patching required due to active exploitation.
QILIN Ransomware: Cross-Sector Surge & Critical Infrastructure Targeting — Detection Engineering Brief
QILIN gang posts 15+ victims across Healthcare, Manufacturing, and Public sectors. Actively exploiting ConnectWise and Exchange flaws.
UAT-8616, Interlock & The Gentlemen: Cisco Edge Exploitation, Sliver C2, and PlasmaLoader OTX Pulse Analysis
Active exploitation of Cisco SD-WAN & FMC zero-days by UAT-8616 & Interlock; Sliver C2, Godzilla webshells, and SystemBC detected. Urgent patching required.
Vidar v1.5 Go, Gremlin Stealer & Shai-Hulud: OTX Pulse Intelligence on Multi-Vector Infostealer Campaigns
Active infostealer campaigns (Vidar Go, Gremlin) and npm supply chain attacks targeting credentials. Block C2 IPs immediately.
QILIN Ransomware: Global Campaign Targets Agriculture & Healthcare via Critical Remote Access Exploits
Qilin aggressively targets Manufacturing and Healthcare sectors using ConnectWise and SmarterMail exploits. Immediate patching required.
Vidar v1.5, Gremlin & Shai-Hulud: OTX Pulse Analysis — Credential Theft Campaigns
Analysis of Vidar Go, Gremlin Stealer, and Shai-Hulud supply chain attacks. Urgent credential harvesting and RaaS activity detected.
QILIN Ransomware: Global Expansion Targeting Healthcare & Agriculture — Critical CVE Analysis
QILIN claims 15 victims targeting Healthcare, Agriculture, and Manufacturing. Detection rules for ScreenConnect and SmarterMail exploitation included.
Vidar v1.5 Go, Gremlin & SHub Reaper: Multi-Platform Infostealer Surge & SD-WAN Initial Access
Active campaigns using Vidar Go, Gremlin, and macOS SHub Reaper target credentials via SD-WAN exploits and fake installers.
QILIN Ransomware: Global Surge in Healthcare & Manufacturing — Campaign Analysis & Detection Rules
Qilin posted 22 victims recently, heavily targeting Healthcare and Manufacturing via ScreenConnect and Exchange exploits.
Vidar v1.5, Gremlin, and SHub Reaper: Surge in Multi-Platform Infostealers & Edge Device Exploitation
Active campaigns leveraging Vidar Go, Gremlin Stealer, and macOS SHub Reaper alongside exploitation of Cisco/Fortinet edge devices.
Showing 50 of 357 reports. Archive expands automatically as new intel is generated.
Every Telegram Intel Report Includes SIGMA & KQL Detection Rules
Every intelligence briefing on this page includes at least one Sigma rule, a Microsoft Sentinel KQL hunt query, and an IOC check script — ready to drop into your SIEM. No paywall. No registration.