Blog | Threat Intelligence & Memory Forensics

Threat Intelligence

APT Meets GPT: Targeted Operations with Untamed LLMs

October 8, 2025

Callum Roxan, Killian Raimbaud, and Steven Adair

Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initially observed campaigns were tailored […]

Threat Intelligence

Go Get ‘Em: Updates to Volexity Golang Tooling

August 11, 2025

Ivan Mladenov

This blog post was the final deliverable for a summer internship project, which was completed under the direction of the Volexity Threat Intelligence team. If you’d like more information about […]

Threat Intelligence

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows

April 22, 2025

Charlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster

Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) accounts of targeted […]

Threat Intelligence

GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically

April 1, 2025

Killian Raimbaud and Paul Rascagneres

In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries and the […]

Threat Intelligence

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

February 13, 2025

Charlie Gardner, Steven Adair, and Tom Lancaster

Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried […]

Threat Intelligence

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access

November 22, 2024

Sean Koessel, Steven Adair, and Tom Lancaster

In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had […]

Threat Intelligence

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

November 15, 2024

Callum Roxan, Charlie Gardner, and Paul Rascagneres

[Update: At the time of publication, this vulnerability had not been addressed by Fortinet. On December 18, 2024, Fortinet published a public acknowledgement of the issue, affected versions, as well […]

Threat Intelligence

StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

August 2, 2024

Ankur Saini, Paul Rascagneres, Steven Adair, and Tom Lancaster

In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those […]

Volexity Blog

Published research by Volexity's Threat Intelligence and Incident Response teams, as well as topics covering memory analysis and memory forensics.