Photon Research Team
Making Sense of the REvil Arrests
January 14, 2022 | 7 Min Read
AlphaBay’s Return: A slow-burning masterpiece, or a flash in the pan?
December 28, 2021 | 4 Min Read
Cone of Plausibility: Forecasting Ransomware Scenarios in 2022
December 14, 2021 | 10 Min Read
The Log4j Zero-Day: What We Know So Far
December 10, 2021 | 6 Min Read
When acting turns criminal: Deepfakes and voice impersonators in the cybercriminal underground
December 1, 2021 | 13 Min Read
Vulnerability Intelligence: What’s the Word in Dark Web Forums?
November 16, 2021 | 7 Min Read
Vulnerable smart contracts and fake blockchains: What do investors need to know?
November 10, 2021 | 10 Min Read
What We’re Reading This Month
November 9, 2021 | 6 Min Read
ENISA 2021 Threat Landscape: Initial Thoughts
November 1, 2021 | 12 Min Read
Cybersecurity Awareness Month: Week 3 – Explore. Experience. Share
October 19, 2021 | 11 Min Read
REvil Domains Hijacked, Forum Representative Announces Group’s Intention to Go Offline
October 18, 2021 | 5 Min Read
What We’re Reading This Month: September Edition
September 29, 2021 | 8 Min Read
Why CISOs and Executives Should Care About IABs
September 23, 2021 | 3 Min Read
Ukrainian-language Cybercriminal Platforms: A Gap In the Market?
September 21, 2021 | 7 Min Read
Building successful teams on the cybercriminal underground
September 15, 2021 | 7 Min Read
AlphaBay’s Return: SWOT Findings
September 9, 2021 | 14 Min Read
What We’re Reading This Month
September 8, 2021 | 6 Min Read
The Eeveelution of ShinyHunters: From Data Leaks to Extortions
August 26, 2021 | 7 Min Read
How Cybercriminals Weaponize Social Media
August 25, 2021 | 9 Min Read
How Has Forum Life Adapted to the Recent Ransomware Ban?
August 5, 2021 | 8 Min Read
Initial Access Brokers in Q2
August 3, 2021 | 7 Min Read
REvil: Analysis of Competing Hypotheses
July 28, 2021 | 15 Min Read
Q2 Ransomware Roll Up
July 20, 2021 | 9 Min Read
REvil Ransomware: What’s Next?
July 15, 2021 | 10 Min Read
Marketo: A Return to Simple Extortion
July 8, 2021 | 9 Min Read
What We’re Reading This Month
June 29, 2021 | 6 Min Read
Why Do Users Get Banned from Cybercriminal Forums?
June 24, 2021 | 13 Min Read
Cryptocurrency Attacks to be Aware of in 2021
June 8, 2021 | 10 Min Read
Death and Decay: How Cybercriminal Platforms Meet Their End
May 26, 2021 | 12 Min Read
Examining Russian-language Cybercriminal Marketplaces
May 18, 2021 | 10 Min Read
Bitcoin and Alternative Cryptos in the Cybercriminal Underground
May 11, 2021 | 10 Min Read
The Dark Web Response to COVID Vaccinations
April 28, 2021 | 8 Min Read
The Top 5 ShadowTalk Episodes of All Time
April 22, 2021 | 4 Min Read
The Emotet Shutdown Explained
April 22, 2021 | 5 Min Read
Arrest, Prosecution, and Incarceration: The Cybercriminal Perspective
March 22, 2021 | 10 Min Read
The Right to Be Forgotten: Cybercriminal Forum Account Deletion
March 4, 2021 | 9 Min Read
Cybercrime and Valentine’s Day: What to Look Out For
February 10, 2021 | 8 Min Read
DarkMarket’s seizure: the decline of the marketplace?
February 2, 2021 | 6 Min Read
Joker’s Stash’s Final Deal: A turning point for AVCs?
January 28, 2021 | 12 Min Read
Tracing the Rise and Fall of Dark Web Marketplaces and Cybercriminal Forums
January 13, 2021 | 9 Min Read
QUO, QUO, QUO! Merry Christmas…..
December 21, 2020 | 7 Min Read
How Bizarre: Joker’s Stash .bazar site allegedly seized by law enforcement
December 17, 2020 | 6 Min Read
SolarWinds Compromise: What security teams need to know
December 14, 2020 | 5 Min Read
How Cybercriminals Answer “What do you do for a living?”
December 3, 2020 | 8 Min Read
2021 Forecasts: Six Trends And Predictions For The New Year
December 1, 2020 | 18 Min Read
To Code or Not to Code? Cybercriminals and the world of programming
November 12, 2020 | 9 Min Read
Simplifying Cybercriminal Jargon: A Glossary of Cybercriminal Access Offerings
November 2, 2020 | 15 Min Read
Mapping MITRE ATT&CK to SandWorm APT’s Global Campaign
October 28, 2020 | 7 Min Read
Dark pathways into cybercrime: Minding the threat actor talent gap
October 21, 2020 | 11 Min Read
Let’s get ready to tumble! Bitcoin vs Monero
October 6, 2020 | 13 Min Read
Recent arrests and high-profile convictions: What does it mean for the cyber threat landscape?
September 30, 2020 | 13 Min Read
Unpicking Cybercriminals’ Personalities – Part 2: Morality and Forum Dynamics
September 28, 2020 | 7 Min Read
Unpicking Cybercriminals’ Personalities – Part 1: Gender and Nationality
September 23, 2020 | 9 Min Read
With the Empire falling, who will take over the throne?
September 16, 2020 | 10 Min Read
Dread takes on the spammers – who will come out on top?
August 28, 2020 | 9 Min Read
Fall of the behemoth: Cybercriminal underground rocked by Empire’s apparent exit scam
August 27, 2020 | 10 Min Read
“ALEXA, WHO IS THE NUMBER ONE CYBERCRIMINAL FORUM TO RULE THEM ALL?”
August 26, 2020 | 12 Min Read
Dark Web Forums: The new kid on the block
August 18, 2020 | 12 Min Read
Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly
August 11, 2020 | 15 Min Read
The story of Nulled: Old dog, new tricks
August 4, 2020 | 9 Min Read
BitBazaar Market and The Rise of Neptune Market: The End of the Saga spells hope for another
August 3, 2020 | 8 Min Read
Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry
July 29, 2020 | 10 Min Read
Abracadabra! – CryptBB demystifying the illusion of the private forum
July 15, 2020 | 8 Min Read
From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in
July 7, 2020 | 9 Min Read
Multiple vs. Exclusive Sales on the Dark Web: What’s in a sale?
June 29, 2020 | 9 Min Read
Introducing Nulledflix – Nulled forum’s own streaming service
June 23, 2020 | 8 Min Read
Torigon Forum: A sad case of all show and no go
June 23, 2020 | 11 Min Read
Ensuring order in the underground: Recruiting moderators on cybercriminal forums
June 18, 2020 | 10 Min Read
CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020
June 9, 2020 | 7 Min Read
New DDoS protection tool advertised on the dark web
June 9, 2020 | 7 Min Read
BitBazaar Market: Deception and Manipulation on the Dark Web
May 12, 2020 | 8 Min Read
Threat Intelligence Feeds: Why Context is Key
May 7, 2020 | 10 Min Read
Competitions on English-language cybercriminal forums: A stagnant competition model?
May 5, 2020 | 9 Min Read
Charitable Endeavors on Cybercriminal Forums
April 28, 2020 | 12 Min Read
Nulled: The modern cybercriminal forum to go mobile….?
April 22, 2020 | 9 Min Read
Zoom Security and Privacy Issues: Week in Review
April 17, 2020 | 10 Min Read
Recon: Dark web reconnaissance made to look easy
April 3, 2020 | 4 Min Read
Coronavirus as a double-edged sword for cybercriminals: Desperation or opportunity?
April 2, 2020 | 9 Min Read
Kapusta.World: The fiendish cabbage exemplifying cybercriminal marketing in the modern era
March 24, 2020 | 8 Min Read
Apollon Dark Web Marketplace: Exit Scams and DDoS Campaigns
March 17, 2020 | 8 Min Read
How One Cybercriminal Forum is Helping to Address Suicide Awareness
March 10, 2020 | 4 Min Read
Dark Web Search Engine Kilos: Tipping the Scales in Favor of Cybercrime
March 5, 2020 | 8 Min Read
The Ecosystem of Phishing: From Minnows to Marlins
February 20, 2020 | 31 Min Read
Cybercriminal Forums on Valentine’s Day – A nice night to “Netflix and steal”…
February 17, 2020 | 6 Min Read
Dark web travel agencies: Take a trip on the dark side
February 4, 2020 | 11 Min Read
Competitions on Russian-language cybercriminal forums: Sharing expertise or threat actor showboating?
January 30, 2020 | 9 Min Read
Cryptonite: Ransomware’s answer to Superman…
January 14, 2020 | 4 Min Read
Top Security Blogs of 2019 from Digital Shadows
December 20, 2019 | 4 Min Read
The Closure of Market.ms: A Cybercriminal Marketplace Ahead of Its Time
December 18, 2019 | 9 Min Read
Forums are Forever – Part 3: From Runet with Love
December 17, 2019 | 24 Min Read
Forums are Forever – Part 2: Shaken, but not Stirred
December 10, 2019 | 5 Min Read
Forums are Forever – Part 1: Cybercrime Never Dies
December 4, 2019 | 10 Min Read
Probiv: The missing pieces to a cybercriminal’s puzzle
November 26, 2019 | 10 Min Read
DarkMarket’s Feminist Flight Towards Equality and the Curious Case of Canaries
November 19, 2019 | 4 Min Read
Top Threat Intelligence Podcasts to Add to Your Playlist
October 3, 2019 | 4 Min Read
Dark Web Monitoring: The Good, The Bad, and The Ugly
September 11, 2019 | 20 Min Read
Black Hat and DEFCON 2019 – Some of our Favorite Sessions
August 19, 2019 | 9 Min Read
Capital One Breach: What we know and what you can do
July 31, 2019 | 5 Min Read
The Account Takeover Kill Chain: A Five Step Analysis
July 30, 2019 | 17 Min Read
Automating 2FA phishing and post-phishing looting with Muraena and Necrobrowser
May 21, 2019 | 6 Min Read
Predator: Modeling the attacker’s mindset
April 2, 2019 | 6 Min Read
Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™
March 6, 2019 | 7 Min Read
Extortion Exposed: Sextortion, thedarkoverlord, and SamSam
February 21, 2019 | 3 Min Read
SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program
February 5, 2019 | 7 Min Read
TV License and Vehicle Tax Fraud: New Year, Same Old Scams
January 8, 2019 | 4 Min Read
Bomb Threat Emails: Extortion Gets Physical
December 14, 2018 | 4 Min Read
Sextortion 2.0: A New Lure
November 20, 2018 | 4 Min Read
GAO’s Equifax Post-mortem Report
September 11, 2018 | 5 Min Read
Sextortion – When Persistent Phishing Pays Off
September 6, 2018 | 4 Min Read
Understanding Threat Modelling
August 29, 2018 | 4 Min Read
Alleged Carbanak Files and Source Code Leaked: Digital Shadows’ Initial Findings
July 11, 2018 | 6 Min Read
Reducing Your Attack Surface: From a Firehose to a Straw
July 5, 2018 | 6 Min Read
Cyber Security as Public Health
March 21, 2018 | 4 Min Read
Prioritize to Avoid Security Nihilism
February 20, 2018 | 3 Min Read
What Attackers Want for Christmas
December 22, 2017 | 4 Min Read
ICS Security: Strawmen In the Power Station
October 31, 2017 | 5 Min Read
Trust vs Access: A Tale of Two Vulnerability Classes
October 20, 2017 | 5 Min Read
5 Lessons from WannaCry: Preventing Attacks with Security Engineering
May 16, 2017 | 5 Min Read