<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Investigations on Riga</title><link>https://riga.sh/investigations/</link><description>Recent content in Investigations on Riga</description><generator>Hugo 0.125.0</generator><language>en-us</language><lastBuildDate>Mon, 28 Oct 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://riga.sh/investigations/index.xml" rel="self" type="application/rss+xml"/><item><title>[OSINT/CTI] The Great Canadian Scammers</title><link>https://riga.sh/investigations/the-great-canadian-scammers/</link><pubDate>Mon, 28 Oct 2024 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/the-great-canadian-scammers/</guid><description>This article is made for educational purposes only, to show what&amp;rsquo;s going on behind the scenes of malicious actors and their digital platforms. Everything comes from open and legal sources.
I received an SMS asking me to log in to: auth-rbcroyalbank-online[.]com. Well, thanks to this scam, I was able to map a wide phishing network targeting Canadian institutions.
Key points:
⏺️ Mostly Russian and Chinese registrars/hosting providers (JSC Selectel, Nicenic&amp;hellip;) are involved.</description></item><item><title>[CTI] NoName057(16) mapping</title><link>https://riga.sh/investigations/noname05716/</link><pubDate>Sun, 21 Jul 2024 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/noname05716/</guid><description>NoName057(16) is a pro-Russian hacking group targeting multiple strategic organizations (by DoS/DDoS) associated with countries supporting Ukraine in the ongoing war. They also rely on botnets (infected machines) to carry out large-scale attacks. They are very talkative on different platforms, sharing their assets and targets, so I&amp;rsquo;ll try to summarize all of this here.
NoName057(16) operates on two principal Telegram channels:
🇷🇺 https://t.me/noname0571
🇬🇧 https://t.me/noname05716eng
They mainly share news about their attacks: what makes NoName057(16) interesting is their community involvement, where anyone can download their DoS/DDoS tools, ask questions and support their actions broadly.</description></item><item><title>[CTI] Phish me if you can</title><link>https://riga.sh/investigations/government-phishing/</link><pubDate>Wed, 20 Dec 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/government-phishing/</guid><description>Recently, I received quite an unusual phishing email.
At first, it looks like a typical delivery phishing, but it came from&amp;hellip; a government address!
It came from the doctor appointment service from the Serbian Ministry of Health:
This domain has no DMARC policy in place, meaning it could more easily be used to spread malicious emails.
The email is simply an image rendered in HTML, linking to 2 fraudulent files:</description></item><item><title>[OSINT] Leveraging OSINT to identify potential misinformation</title><link>https://riga.sh/investigations/countermisinformation/</link><pubDate>Mon, 30 Oct 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/countermisinformation/</guid><description>OSINT is about gathering technical and social elements to draw a narrative about a situation and communicate a clear thought. Sometimes, misinformation campaigns regain attention as they are shared a few years later, taking advantage of the mass of shared information to reuse old images when they are forgotten. It&amp;rsquo;s also worth pointing out that a tragic event appeals to the emotions, making us less inclined to verify it.
So, I stumbled upon a tweet published in March 2022, which gained substantial exposure at that time:</description></item><item><title>[OSINT/CTI] Investigating a terrorist IT infrastructure</title><link>https://riga.sh/investigations/terroristinfrastructure/</link><pubDate>Thu, 12 Oct 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/terroristinfrastructure/</guid><description>With the ongoing war between Israeli forces and Hamas, I wanted to analyze different propaganda tools and how they are built.</description></item><item><title>[OSINT] Elon Musk vs OSINT</title><link>https://riga.sh/investigations/elonmusk/</link><pubDate>Tue, 01 Aug 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/elonmusk/</guid><description>What the internet has to offer for a high value profile (who likes to troll a lot)</description></item><item><title>[OSINT] Oil giant Perenco: investigation</title><link>https://riga.sh/investigations/moneylaunderingkabila/</link><pubDate>Wed, 19 Jul 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/moneylaunderingkabila/</guid><description>Oil giant Perenco’s suspicious deals with companies close to Congo’s ex-president</description></item><item><title>[OSINT] The shady Pimeyes</title><link>https://riga.sh/investigations/theshadypimeyes/</link><pubDate>Fri, 13 Jan 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/theshadypimeyes/</guid><description>Pimeyes is on a thin line</description></item><item><title>[OSINT] Anatomy of a crypto/banking scam</title><link>https://riga.sh/investigations/anatomycryptoscam/</link><pubDate>Sat, 27 Aug 2022 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/anatomycryptoscam/</guid><description>Scam me if you can</description></item></channel></rss>