A highly targeted phishing campaign has been hitting hotel guests across Luxembourg. Originally flagged by the Computer Incident Response Center Luxembourg (CIRCL), this campaign stands out not because of advanced malware, but because of its impeccable contextual credibility. Threat actors aren't guessing targets; they are hitting actual hotel guests on WhatsApp with exact, legitimate booking details to steal credit card data. As part of a technical review into the infrastructure, we analyzed a recent Indicator of Compromise (IoC) linked to this campaign: [https://stay-hotel607923.com](https://stay-hotel607923.com). Here is the deep dive into how this attack works, the infrastructure behind it, and how to track it.

The Attack Workflow: Smishing with Context

Most phishing campaigns rely on volume, hoping a small fraction of a massive email list bites. This campaign relies on precision.

The Data Exposure: CIRCL assesses that the campaign's source data may originate from servi...
Demystifying Cyber Threat Intelligence (CTI): From Noise to Action

Let's delve into the world of Cyber Threat Intelligence! Whether you are a SOC analyst or a business leader, understanding how we transform data into defense is the first step toward a resilient security posture.

Defining Intelligence

First of all, what do we mean by intelligence? One definition I found that I quite like is: Intelligence is information that has been refined and analysed to make it actionable. This is important in cyber security, as we want to take cyber intelligence, refine it from noise and make it actionable by defending ourselves against threats. In an era of "alert fatigue," the ability to distinguish a true threat from background noise is what allows a security team to prioritize effectively.

The Intelligence Cycle

To achieve this refinement, we follow a structured Intelligence cycle. This ensures that our findings are not just interesting, but actually useful to the organizati...