War Room

Shells From Above

Joel Belton

Intel Insights – Phishing with QR Codes

August 25, 2023 By Joel Belton

A large phishing campaign using QR codes has been detected targeting various industries, with the aim of acquiring Microsoft credentials. Researchers from the security firm Cofense observed the attacks against “a major Energy company based in the US.” The reported phishing campaign also targeted organizations in other industries, including finance, insurance, manufacturing, and ... READ MORE

Rhysida Ransomware Attack on PMH and Connections to Vice Society Ransomware

August 11, 2023 By Joel Belton

On August 4th, 2023, the parent company of Eastern Connecticut Health Network and Waterbury Health, Prospect Medical Holdings (PMH), announced that all of its facilities were facing IT complications. Prospect Medical Holdings is a parent company to over 16 hospitals and 165 outpatient clinics in over 4 states (California, Connecticut, Pennsylvania, Rhode Island). It was later ... READ MORE

STORM-0558 Utilizes Acquired MSA Keys to Forge Authentication Tokens Then Attack Outlook Exchange

July 28, 2023 By Joel Belton

On July 12, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) (aa23-193a) detailing an attack on a Federal Civilian Executive Branch (FCEB) agency in June 2023. The attack had been observed due to anomalous activity within the Microsoft 365 (M365) audit logs. ... READ MORE

AI Used in Scams: Faked Kidnapping

May 15, 2023 By Joel Belton

A mother of a 15-year-old girl, Jennifer DeStefano, received a disturbing phone call on January 20th, 2023, while taking her younger daughter, Aubrey, 13, to a dance rehearsal in Scottsdale, Arizona. The call's caller ID showed an “Unknown number”, yet a familiar voice was heard on the other end of the telephone call. The voice belonged to her other teenager, Brianna ... READ MORE

Intel Insights – USB Flash Drive Bombs Observed in Ecuador

March 24, 2023 By Joel Belton

RSM Defense Intelligence has observed some claims and reports of Universal Serial Bus (USB) thumb drives, commonly called flash drives, being used as single-detonation bombs. One such example was in Ecuador. The device was mailed to a journalist and Ecuadorian television presenter, which resulted in the USB being utilized as an explosive after being plugged into the USB ... READ MORE

Intel Insights – VMware ESXi and ESXiArgs Ransomware

February 13, 2023 By Joel Belton

RSM Defense Intelligence has observed open-source reporting, as well as notifications from CISA (JCSA_AA23-039A), which indicate that malicious actors are exploiting known vulnerabilities in VMware ESXi software to gain access to servers and deploy ESXiArgs ransomware. Vulnerabilities utilized by the malicious actors include CVE-2021-21974 (CVSS 8.8), CVE-2020-3992 (CVSS 9.8), ... READ MORE

Intel Insights – ChatGPT: Good Angel or Bad Robot?

January 27, 2023 By Joel Belton

Since the rollout of OpenAI’s publicly accessible ChatGPT (Generative Pre-trained Transformer) on November 30, 2022, ChatGPT has been subject to widespread attention both in the Clearnet and “DarkWeb”. ChatGPT is based on the GPT architecture and was first released in 2019. Since then, it has undergone several updates and major changes. The GPT model was trained on a ... READ MORE

Intel Insights – Emotet recommences email spam operations after five-month break

January 13, 2023 By Joel Belton

RSM Defense Analyst Notes: On November 2nd, 2022, Cryptolaemus researchers observed the Emotet malware operation spamming malicious emails after a nearly five-month period of little activity. The current campaign uses stolen email reply chains to distribute malicious Excel attachments. The attachments target users worldwide using various languages and file names, masquerading ... READ MORE

Russia Ukraine Conflict Observables

March 9, 2022 By Joel Belton

With the rise of cyberwarfare against Ukraine and Russia, one could agree that there could be potential blowback from the sanctions that the United States has placed on the country of Russia. Some of the attacks that have been observed against Ukraine include data-wiping malware, such as HermeticWiper, WhisperGate, and IsaacWiper. There have also been ... READ MORE
