Cti on aksnk / noteshttps://blog.aksnk.com/tags/cti/Recent content in Cti on aksnk / notesHugoen-USThu, 07 May 2026 00:00:00 +0000Fake portals everywhere [1] — Autopsy of a FedEx phishing kithttps://blog.aksnk.com/posts/colisrelay-regularisation-phishing-autopsie/Thu, 07 May 2026 00:00:00 +0000https://blog.aksnk.com/posts/colisrelay-regularisation-phishing-autopsie/<blockquote> <p>This note and the investigation it builds on were carried out by <strong>Sinclair M.</strong> and <strong>Axel K.</strong>, students in the Intelligence and Cyberthreats major at Oteria. The article is available on <a href="https://sinclair-moulager.com">sinclair-moulager.com</a> and <a href="https://blog.aksnk.com">blog.aksnk.com</a>.</p> </blockquote> <figure><img src="https://blog.aksnk.com/images/colisrelay/1_poisson.png" alt="Symbolic illustration of phishing"> </figure> <h2 id="introduction">Introduction</h2> <p>Phishing is a technique that consists in tricking a victim by impersonating a legitimate source in order to harvest personal — sometimes sensitive — information.</p> <p>In 2026, it has become relevant to talk about a <strong>phishing ecosystem</strong>, a notion echoed for example by <a href="https://fr.flare.io/learn/resources/phishing-kits-economy-cybercrime">Flare</a>, which describes <em>&ldquo;a mature underground industry&rdquo;</em> made up of specialised actors who have moved phishing from a <em>&ldquo;simple technique&rdquo;</em> to a <em>&ldquo;service&rdquo;</em>.</p>Storm-1516 — Anatomy of the Russian Information Operationhttps://blog.aksnk.com/posts/storm-1516-mode-operatoire-informationnel-russe/Wed, 06 May 2026 00:00:00 +0000https://blog.aksnk.com/posts/storm-1516-mode-operatoire-informationnel-russe/<h2 id="context-and-scope-of-the-report">Context and scope of the report</h2> <p>Against a backdrop of war returning to Europe and the intensification of foreign hybrid operations targeting Western democracies, France set up <strong>VIGINUM</strong> in 2021. Placed under the authority of the SGDSN<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>, the service is tasked with detecting, qualifying, and documenting foreign digital interference threatening the integrity of public debate.</p> <p>In May 2025, VIGINUM published an analysis of the Russian information operation <strong>Storm-1516</strong>, active since at least August 2023. The report describes its main characteristics and the risks it poses to French-speaking and European information spaces.</p>