OSINT Monitoring & Analysis by TSARO

Newsletter

January 27, 2023

Monitoring and tracking potential threats from the dark web, open sources, and social media platforms is crucial to maintaining the safety and security of the general public and of your company. However, many of the cybersecurity experts, analysts, and researchers who gather and handle this kind of open-source intelligence (OSINT) lack the knowledge, resources, and internal controls required to counter an attack successfully.

Do-it-yourself monitoring and analysis is prohibitively expensive: producing intelligence that satisfies every stakeholder requires enormous and diverse datasets, a range of technologies, and hard-to-find expertise. Vendors in the cybersecurity sector have responded with threat data feeds and intelligence platforms. However, no single feed or platform delivers complete intelligence, and together they overwhelm teams with noisy notifications.

Because of this, the use of managed services has increased dramatically over the past ten years. Today, businesses employ managed services to solve a wide range of problems, from endpoint and SIEM management to firewall and network management.

Overview of OSINT

Open-source intelligence (OSINT) is the term for any data that can be gathered from sources including the dark web, open sources, and social media platforms in order to identify threats aimed at enterprises.

Using data from monitoring and analyzing the dark web, open sources, and social media platforms, TSARO Labs' OSINT Monitoring and Analysis provides cybersecurity, protective security, and intelligence teams with contextualized, prioritized, and relevant results. On the basis of this monitoring and analysis, TSARO makes recommendations that help identify threats, thwart attacks, stop adversaries, and mitigate risks.

TSARO offers OSINT Monitoring and Analysis as a managed service: threat intelligence produced specifically for the client by skilled intelligence analysts, with no hardware or software to deploy. Customers engage through a service package, and once the engagement is established, TSARO analysts begin their inquiries. TSARO delivers this as a managed service so that businesses receive actionable intelligence, make the most of their internal resources, and achieve their goals.

OSINT (open-source intelligence) tools gather information from publicly available sources. Here are some of the popular OSINT tools we use at TSARO:

TSARO is among the first to deliver client-specific threat intelligence as a managed service at scale, thereby providing:

Unmatched Open-Source Collection Capabilities

Using a substantial stack of third-party and proprietary tools, TSARO gathers and maintains a sizable collection of content that is searched for references to the client, their brand, key individuals, or frozen assets. To better understand the goals and strategies of threat actors, TSARO's experienced analysts infiltrate closed forums and groups using long-established personas.

Expertise Across All Intelligence Domains

Although various intelligence suppliers offer information on cyber threats, few do so as comprehensively as TSARO. Our analysts specialize in identifying risks to a client's reputation, evidence of fraud and platform abuse, physical threats, and third-party risk.

Engagement of Analysts and Client Success

Each customer interacts with a lead analyst and a client success director as part of TSARO's practice of placing cyber professionals at the heart of every engagement. TSARO Client Success Directors are clients' primary point of contact and have an average of over ten years of intelligence experience. Client Success Directors guide clients through contracts, TSARO solutions, troubleshooting, and administrative requirements for their businesses. The TSARO team will examine their results and recommendations before assembling the client's finished intelligence product.

Customized Intelligence for your needs:

Vendors in the cybersecurity sector have created OSINT-collection products that scrape and scan large data sets from the open and dark web. They are typically offered as a threat feed or platform and are simple to combine with other tools such as SIEMs, but they fall short of providing real intelligence. These products merely offer raw threat information that needs additional analysis before it is usable. Furthermore, because these solutions do not take the customer's needs into account, the insights frequently lack the organizational context needed to make the data relevant to the client.

TSARO, in contrast, provides only finished intelligence that its analysts have gathered and developed for the particular problems the client faces. As an analyst-guided managed service, TSARO's OSINT Monitoring and Analysis provides client-specific threat intelligence.

TSARO's highly skilled analysts, supported by unique technology and datasets, continuously scan the surface, deep, and dark web for signs of breaches, disinformation campaigns, fraud, platform abuse, and physical threats aimed at businesses. To guarantee that the intelligence delivered is reliable, timely, and usable, TSARO analysts work as an extension of the client's team to create, customize, and refine inquiries.

TSARO OSINT Monitoring and Analysis delivers contextualized, prioritized, and pertinent information from monitoring and analyzing the dark web, open sources, and social media platforms to cybersecurity, protective security, and intelligence teams. On the basis of this monitoring and analysis, we make recommendations that help spot threats, thwart attacks, stop adversaries, and mitigate risks.

OSINT Monitoring and Analysis finds hidden risks on the open, deep, and dark web using analyst-driven threat hunting to deliver crucial intelligence. TSARO analysts create and refine client-specific searches, enabling real-time monitoring of corporate mentions. Additionally, TSARO analysts employ long-established personas to enter private forums and communicate with threat actors directly. A designated analyst evaluates threats daily to determine their credibility and urgency, notifying clients whenever quick action is required. If necessary, TSARO can reveal the identities of high-risk threat actors attacking the company by using technical links that point to a real-world identity.

OSINT Monitoring and Analysis provides Intelligence for diverse use cases, including:

  • CYBER: Threats and risks to the confidentiality, integrity, and availability of sensitive data, including data leakage and insider threats.
  • FRAUD: Cybercrime, e-crime, and online fraud, including trafficking in stolen or illegal physical goods, illicit purchases of goods or near-money instruments (gift cards, credits), and use of stolen credentials, accounts, or payment methods.
  • PLATFORM: Threats and risks to the trust and safety of an online platform, including misuse or abuse of credentials and accounts, counterfeit apps, malicious content syndication, and API manipulation via bots.
  • PROTECTIVE: Threats and risks to executives, physical property, and corporate assets, plus PII takedown capabilities in response to doxing.
  • THIRD-PARTY: Threats and risks from vendors, suppliers, partners, mergers, acquisitions, and investments, including leakage of client data by vendors.

Supply Chain Attack

Newsletter

November 29, 2022

Supply chain attacks are an emerging threat that targets software developers and suppliers. The objective is to reach source code, build processes, or update mechanisms and infect legitimate apps so that they disseminate malware. These threats are alarming and continue to hit the market. Supply chain attacks are diverse and affect many industries. For example, the manufacturing industry has seen major attacks in which a company's manufacturing processes were tampered with, through either hardware or software.

Through weak links in the supply chain, criminals gain access to an organization's data and systems and from there infiltrate its entire digital infrastructure. Malware installed at any stage of the supply chain can disrupt or take down an organization's services. Manufacturers must therefore be aware of the common sources of supply chain attacks, such as commercial software, open-source supply chains, and foreign products.

How can TSAROLABS help manufacturers Mitigate the Risk of Supply Chain Attacks?

Know the rapidly evolving threats to stay ahead of the curve!

Hundreds of U.S. news sites push malware in a supply-chain attack

Hackers are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.

Dozens of PyPI packages were caught dropping 'W4SP' info-stealing malware.

Researchers have discovered over two dozen Python packages on the PyPI registry pushing info-stealing malware.
Most of these contain obfuscated code that drops the "W4SP" info-stealer on infected machines, while others carry malware purportedly created for "educational purposes" only.

Hackers breach software vendors for Magento supply-chain attacks.

Hackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations with over 200,000 downloads.
The intruders took control of FishPig's server infrastructure and then added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.

MFA & Password Managers

In this newsletter we are going to look at the different types of MFA, and at password managers and their safety in light of the recent attack on LastPass (a password manager).

So, let's dive in.

Understanding different forms of MFA

MFA can take several different forms, including:

  • Inputting an extra PIN (personal identification number) as well as your password
  • The answer to an extra security question like “What town did you go to high school in?”
  • A code sent to your email or texted to your device that you must enter within a short span of time
  • Biometric identifiers like facial recognition or fingerprint scan
  • A standalone app that requires you to approve each attempt to access an account
  • An additional code either emailed to an account or texted to a mobile number
  • A secure token – a separate piece of physical hardware, like a key fob, that verifies a person’s identity with a database or system

Here are some types of accounts that often offer MFA. Check to see if you can turn MFA on:

  • Banking
  • Email
  • Social media
  • Online stores

You may ask, can MFA be hacked?

While MFA is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around it. However, these situations typically involve an attacker triggering MFA approval requests for an account many times over until the owner approves the log-in, either out of confusion or annoyance.

Therefore, if you are receiving MFA log-in requests and you aren’t trying to log in, do not approve the requests! Instead, contact the service or platform right away. Change your password for the account ASAP. Also, if you reused that password, change it for any other account that uses it (this is why every password should be unique).

Don’t let this deter you, though. MFA is typically very safe, and it is one of the best ways you can bolster the security of your data!
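The pattern just described (a burst of push prompts, most of them denied or ignored, followed by an approval) is easy to spot in authentication logs. The following is an added example, not code from the newsletter or from TSARO; the log format and user names are constructed for illustration.

```python
"""Flag MFA push fatigue: many push prompts for one user inside a short window,
most of them not approved. Added example; the log format below is hypothetical."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<timestamp> <user> <event> <result>"
SAMPLE_LOG = """\
2023-01-20T08:01:10Z alice mfa_push approved
2023-01-20T12:30:02Z bob mfa_push denied
2023-01-20T12:30:45Z bob mfa_push timeout
2023-01-20T12:31:20Z bob mfa_push denied
2023-01-20T12:32:05Z bob mfa_push timeout
2023-01-20T12:33:40Z bob mfa_push approved
2023-01-20T14:10:00Z carol mfa_push approved
"""

def parse_log(text):
    """Return a list of (timestamp, user, result) for mfa_push events only."""
    events = []
    for line in text.splitlines():
        ts, user, event, result = line.split()
        if event == "mfa_push":
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Return {user: (prompt_count, approved_at_end)} for every user who received
    at least `threshold` push prompts within `window`, where nearly all of them
    were denied or timed out. approved_at_end=True is the dangerous case the
    newsletter warns about: the user eventually gave in and approved."""
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((ts, result))
    alerts = {}
    for user, prompts in by_user.items():
        prompts.sort()
        start = 0
        for end in range(len(prompts)):           # sliding window over prompts
            while prompts[end][0] - prompts[start][0] > window:
                start += 1
            run = prompts[start:end + 1]
            unapproved = sum(1 for _, r in run if r != "approved")
            if len(run) >= threshold and unapproved >= threshold - 1:
                alerts[user] = (len(run), run[-1][1] == "approved")
    return alerts

if __name__ == "__main__":
    for user, (count, gave_in) in find_push_fatigue(parse_log(SAMPLE_LOG)).items():
        print(f"{user}: {count} prompts in window, approved at end: {gave_in}")
```

Users flagged with approved_at_end=True are the ones whose sessions should be revoked and whose passwords should be rotated, as the newsletter advises.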

Password Managers:

A common question is if password managers are worth the risk of using them.

The answer, in my opinion, is yes. I believe that the additional risk a person takes on by using a password manager is more than offset by its advantages.

Let’s look at the risks and advantages of using a password manager. They can be summed up as:

ADVANTAGES

  • Creates and allows the use of perfectly random passwords
  • Creates and allows the far easier use of different passwords for every site and service
  • Can be used to prevent password phishing
  • Can be used to simulate some MFA solutions so users do not need separate MFA programs or tokens
  • Can be shared among devices so passwords are where the user needs to use them
  • Passwords can be more easily and securely backed up
  • All passwords can be protected by requiring MFA to log in to the password manager
  • May warn user of compromised passwords that the user was not otherwise aware of
  • Will warn user of identical passwords used between different sites and services
  • Can be shared with trusted person(s) in times of need, when original user is temporarily or permanently incapacitated or unavailable

It is a very real risk that someone’s password manager could get compromised, and from that compromise, all of the user’s passwords to all stored sites and services are stolen very quickly at once. That is a huge risk that must be measured and weighed by the admins or users who are using password managers.

DISADVANTAGES

  • User must obtain and install password manager
  • User must learn how to use password manager
  • It may take a user longer to create or input a password using a password manager (but not always true)
  • Subject to attacks
  • Password managers do not work with all programs or devices
  • If the password manager cannot be accessed (e.g., corruption, lost login credentials, etc.), the user loses access to all login information contained in it at once
  • If attacker compromises the password manager, the attacker can possibly access and obtain all of the user’s passwords (and sites they belong to) at once

It is the last issue that presents the biggest risk in most concerned users' minds: a single point of failure.

WHY EVERYONE SHOULD USE A PASSWORD MANAGER FOR THEIR PASSWORDS

Despite this big risk, I think everyone should use a password manager for their passwords (if phishing-resistant MFA cannot be used). This is because the two biggest risks to passwords (after social engineering theft) are passwords stolen from a site or service the user uses, and weak passwords that can be guessed and cracked. According to the National Institute of Standards and Technology (NIST) and other password authorities, the biggest risk to passwords is password reuse across unrelated websites and services, along with users creating "password patterns" that attackers can predict.

The average user has four to seven passwords that they use across more than 170 sites and services. That is a lot of identical passwords being used where they should not be. The problem is that once a hacker compromises one or a few of your websites (often without your knowledge), the hacker obtains your password and then tries it across your other sites and services. One or a few compromises quickly lead to a whole bunch more. This is considered the major password risk after social engineering, and password managers get rid of it.

SOCIAL ENGINEERING IS THE BIGGEST RISK

The biggest risk of any password is the user being social engineered out of it. Password theft from social engineering is involved in about half of all successful password attacks. Most password managers allow you to log into your site or service from within the password manager and the password manager will only take you to the true, legitimate site or service. This prevents the most common type of password social engineering attack, where the attacker sends you a social engineering email containing a rogue URL link, which tries to trick you into revealing your legitimate credentials to a bogus, fake website.
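The reason a password manager will not hand credentials to a fake site is that it stores them against the exact origin they were saved for and fills them only when the current page's origin matches. The following added example (not the newsletter's own code, and not any real password manager's implementation; the Vault class and sample URLs are hypothetical) shows that origin check rejecting typical lookalike addresses.

```python
"""Origin-bound credential store: a minimal model of why password-manager autofill
resists phishing. Added example; Vault, URLs and credentials are hypothetical."""
from urllib.parse import urlsplit

def origin_of(url):
    """Reduce a URL to its origin: (scheme, lowercase host, explicit port).
    Path, query and fragment are ignored, which is why the same site's
    other pages still match."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL: {url}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)

class Vault:
    """Credentials keyed by exact origin (hypothetical, not a real manager's API)."""
    def __init__(self):
        self._entries = {}

    def save(self, url, username, password):
        self._entries[origin_of(url)] = (username, password)

    def autofill(self, page_url):
        """Return (username, password) only on an exact origin match, else None.
        No substring, suffix or 'looks similar' matching: that is precisely what
        lets a lookalike domain harvest credentials from a human."""
        return self._entries.get(origin_of(page_url))

def demo():
    """Save one credential and report, per constructed URL, whether it would autofill."""
    vault = Vault()
    vault.save("https://bank.example.com/login", "alice", "correct horse battery staple")
    checks = {
        "same origin, other path": "https://bank.example.com/account/settings",
        "http downgrade": "http://bank.example.com/login",
        "real name as attacker's subdomain": "https://bank.example.com.evil-login.test/",
        "lookalike spelling": "https://bank-example.com/login",
        "homoglyph host (Cyrillic a)": "https://b\u0430nk.example.com/login",
    }
    return {name: vault.autofill(url) is not None for name, url in checks.items()}

if __name__ == "__main__":
    for name, filled in demo().items():
        print(f"{'FILL' if filled else 'skip'}  {name}")
```

Real password managers also normalise internationalised hostnames (IDNA/punycode) before comparing, so the homoglyph case is rejected there as well; the point is that no human judgement about whether a domain "looks right" is involved.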

So, in review on the benefits of password managers, they mitigate the biggest password attacks (e.g., social engineering, guessing/cracking and reuse). Any password expert would tell you those three types of password attacks present the majority of password risks. And for that reason, everyone should use a password manager, or at least strongly weigh it against the big risk of a single-point-of-failure.

It is up to you whether you put your faith, or the faith of your users, into a password manager. Try to get them moved over to phishing-resistant MFA, if you can, first. But if the site or service will not work with phishing-resistant MFA, consider using a password manager. They are becoming more recommended by more password experts every day.

Thanks for reading.

Cybersecurity: Address it completely to avoid regrets

Cybersecurity is now a crucial issue. Digital platforms and mobile servers hold large amounts of data that require constant protection from cybercrime and online fraud. Criminal offenses are increasing daily, and most people's data is at stake. Recently, Optus reported a serious cyberattack involving a data breach affecting almost 90% of the Australian population, and Tata Power has also reported a cyberattack.

TSARO LABS is working to stop cybercrime. Its development approach provides stable, secure, and performant solutions with increased security uptake in prevention, detection, and resolution, using Agile practices and tools.

Tata Power

One of the leading power generation companies in India, Tata Power recently reported a cyberattack.

In a brief statement released on Friday, the Mumbai-based company said that the attack impacted some of its IT systems.

“The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access, and preventive checks have been put in place for employee and customer-facing portals and touchpoints,” it said in its filing with local stock exchanges.

War-front

Microsoft reported that the Prestige ransomware is being used as a weapon against transportation and logistics organizations in Ukraine and Poland in ongoing attacks.

This new ransomware was first used in the wild on October 11, in attacks detected within an hour of each other.

Attackers were seen deploying the ransomware payloads across their victims’ enterprise networks, a tactic very rarely seen in attacks targeting Ukrainian organizations.

Update from INTERPOL

INTERPOL has arrested over 70 suspected members of the ‘Black Axe’ cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud.

The suspects were arrested as part of 'Operation Jackal,' an international law enforcement operation conducted between September 26 and 30, 2022, in South Africa.

Black Axe was founded in 1977 in Nigeria and is regarded as one of the most brutal and dangerous crime syndicates.

CLFS

A flaw has recently been reported in the Common Log File System (CLFS) that an attacker could use to gain further permissions on restricted machines.

The company noted in its advisory that "An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system."
