IronNet Threat Intelligence

Updates and analysis on significant cybersecurity events from IronNet’s threat intelligence and research teams.





IronRadar is a purpose-built threat intelligence feed that enables cybersecurity teams to proactively block threats and improve detection by automatically ingesting data on the latest known - as well as new and unreported - attacker infrastructure.

IronNet tracks the creation of new malicious infrastructure for numerous post-exploitation toolkits, vulnerability scanners, and remote access trojans (RATs) through a unique fingerprinting process developed by our analysts, providing security operations, incident response, and cyber threat intelligence teams with everything they need to quickly detect C2 servers before they are used in an attack.

Nation-State Cyber Threats

Russia


Updated as of February 2023

Marking the one-year anniversary of Russia's invasion of Ukraine: Russia continues to target Ukraine in cyber attacks

  • CERT-UA releases alert stating it has recorded a number of targeted cyber attacks by the Russian APT Gamaredon on Ukrainian state authorities and critical information infrastructure.
  • CERT-UA releases alert stating Russia-linked actors (UAC-0056) breached multiple Ukrainian government websites, using a web shell that was created no later than December 23, 2021 to deploy multiple backdoors.
  • It was reported that the Russian cyber espionage group known as Nodaria (UAC-0056) is using a new info-stealer called Graphiron against Ukrainian targets.


China

Updated as of February 2023

Targeted cyber espionage against European and Asian organizations 

  • CERT-EU and ENISA release a joint alert warning of Chinese APTs, including APT27, APT30, APT31, Ke3chang, GALLIUM and Mustang Panda, targeting EU organizations.
  • Symantec releases research on the Chinese BlackFly APT (aka APT41, Winnti) targeting materials technology companies in Asia to steal intellectual property (IP).


Iran

Updated as of February 2023

Stealing credentials in the Middle East

  • Trend Micro releases a report on a new APT34 backdoor malware targeting the Middle East in December 2022 in order to steal users' credentials.

North Korea

Updated as of February 2023

Using ransomware for profit and spying on South Korean users

  • CISA releases an alert on North Korean threat actors using ransomware to target healthcare organizations in order to fund its weapons programs. 
  • Sources report suspected North Korean threat actors targeted a journalist in South Korea with a malware-laced Android app called RambleOn as part of a social engineering campaign.


2022 Annual Threat Report

Threat Research from the IronNet Ecosystem

Our Annual Threat Report shares unique observations and analysis from our Threat Research Team, combined with intelligence drawn from the vast telemetry of the IronNet ecosystem and the services we offer. This provides crucial insight into the ever-evolving cyber threat landscape so security teams can be more proactive in their defenses while we continue to move the community together to collectively defend against cyber threats.

IronNet's Quarterly Threat Intelligence Reports

In our Q4 Threat Intelligence Report, IronNet analysts provide insight into cyber threat trends from October through December 2022.

IronNet Threat Research Blogs

More sources of IronNet Threat Intelligence

AlienVault Pulses from IronNet

Get access to the AlienVault OTX pulses from IronNet to apply detection insights to your environment, including threat summaries, software targeted, and related indicators of compromise.

NOTE: You will need to log in on your first visit. Be sure to sign up on AlienVault to receive IronNet Pulses via email.

Access IronNet’s GitHub

Get access to IronNet's GitHub for recent threat research and reporting from IronNet's Threat Research Teams on recent attacks.

Discover IronNet for SOC Analysts

  • Do what you do, even better, with behavioral analytics
  • Learn practical ways to rule out false positives
  • Use detection tools that integrate with your existing cybersecurity stack