The following is part of Flashpoint’s 2021 Intel Wrap-Up series.
To wholly sum up the year in cyber and physical threats in one blog post is an impossible feat. This is especially true for 2021—a feverishly paced year bookended by the January 6 Capitol riots and the Log4j vulnerability.
So we’ve put together a list of our 10 most popular blog posts, ordered by date of publishing, which includes a significant summer Flashpoint announcement. Taken together, these articles tell the story of the year that was through the lens of those in the digital trenches: the Flashpoint Intel Team. They also provide insights into the vital threat intelligence solutions that security teams leverage to stop cyber, corporate, and physical threats in their tracks.
Top 10: Our Most Popular Blog Posts of 2021
With Joker’s Stash Gone, What’s Next in Credit Card Fraud Cybercrime? (Feb 15)
Joker’s Stash, one of the world’s largest illicit payment card shops, closes. We analyze the events that led to Joker’s Stash’s precipitous rise and ensuing fall, project future trends in the card fraud market, and provide a road map for how fraud and security teams can prepare for what’s next.
Elite Cybercrime Forum “Maza” Breached by Unknown Attacker (Mar 4)
In breaking news, Flashpoint detects a breach of Maza, an elite Russian cybercrime forum operating since at least 2003.
Flashpoint validated leaked documents indicating that Iran’s Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called “Emen Net Pasargard” (ENP) (aka “Imannet Pasargad,” “Iliant Gostar Iranian,” “Eeleyanet Gostar Iraniyan”). These three documents were originally leaked by the Iranian dissident group “Lab Dookhtegan,” which is famous for providing highly reputable intelligence on Iranian state-sponsored cyber programs.
DarkSide Ransomware Links to REvil Group Difficult to Dismiss (May 11)
Flashpoint explores the connections between DarkSide, the ransomware group responsible for the compromise of the Colonial Pipeline networks, and REvil, a cybercriminal organization.
Investigating Hydra: Where Cryptocurrency Roads All Lead to Russia and Go Dark (May 25)
With Chainalysis, a blockchain data company and our integration partner, we detail the inner workings of cybercriminal cryptocurrency financial chains and the rise to prominence of “Hydra,” the Russian-language dark web marketplace (DWM) known primarily for its illicit, high-traffic narcotics market.
The Next Chapter: Flashpoint CEO Josh Lefkowitz on Flashpoint’s Majority Growth Investment from Audax (July 21)
Following our announcement disclosing a majority growth investment from Audax Private Equity, Flashpoint CEO and Co-Founder Josh Lefkowitz reflects fondly on the moment: where we’ve been, where we’re going, and the path to get there.
What’s Old is New Again: AlphaBay Re-emerges (Aug 10)
Flashpoint analysts were at the forefront of detailing the re-emergence of AlphaBay, once the largest darknet marketplace and community in history, and its new administrator, DeSnake.
REvil Master Key for Kaseya Attack Posted to XSS (Aug 10)
Flashpoint analysts identified a post on the Russian-language XSS Forum in which a threat actor posted a possible master key for REvil in a screenshot on GitHub. Flashpoint determined that the key would in fact work for companies affected by the REvil-led Kaseya attack.
Counterfeit COVID Vaccine Card Market Takes Hold in the U.S. and Europe (Aug 17)
In some major cities around the U.S., access to indoor spaces became contingent on a person’s ability to produce a CDC vaccine card. This development led to dramatic increases in activity in English-language illicit communities from threat actors looking to sell, buy, or produce proof of vaccination certificates, Flashpoint analysts found. And as the pandemic continues, so too does COVID fraud.
OCR, Cybersecurity, and Threat Intelligence: Using Optical Character Recognition and Machine Learning to Identify Risk (Nov 9)
In this article, we outline the ever-growing relationship between OCR technology and threat intelligence. Plus, we argue why OCR is an essential threat intelligence tool for security teams in the financial services sector and beyond.
Usher in 2022 with Flashpoint
Kick off the new year with your best foot forward—with threat intelligence that supercharges every security operation and analyst workflow. Sign up for a demo or free trial today to see how Flashpoint can help you protect your most critical assets and stakeholders from ransomware attacks, fraud, physical threats, and more.