Conversation

Notices

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 25-May-2026 22:41:00 JST Kevin Beaumont

RE: https://infosec.exchange/@briankrebs/116635448484355293
After years of monitoring these “companies” networks I saw 100% malicious traffic (Stark Industries and the like). They literally had no legit customers.
Running out of UK limited companies too, there appears to be very little checks and balances in the UK to see if a company even has people in the UK.
In conversation about 3 days ago from cyberplace.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: media.infosec.exchange
  
  BrianKrebs (@briankrebs@infosec.exchange)
  
  from BrianKrebs
  
  Attached: 1 image New, by me: Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia’s intelligence agencies. https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/ Previous reporting on Stark Industries: May 2024: Stark Industries Solutions: An Iron Hammer in the Cloud: https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/ July 2024: The Stark Truth Behind the Resurgence of Russia's Fin7: https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/ September 2025: Bulletproof Host Stark Industries Evades EU Sanctions: https://krebsonsecurity.com/2025/09/bulletproof-host-stark-industries-evades-eu-sanctions/ #russia #cybercrime #arrest #sanctions
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 25-May-2026 22:44:10 JST Kevin Beaumont
  in reply to
  
  There was a time NoName were operating from Stark Industries for a prolonged person, attacking the UK. The NCSC didn’t really know what to do so I ended up evicting them by getting them nullrouted by ISP for spam. https://cyberplace.social/@GossiTheDog/111788974637289906
  In conversation about 3 days ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    Kevin Beaumont (@GossiTheDog@cyberplace.social)
    
    from Kevin Beaumont
    
    New #NoName DDoS client details and C2 server: https://pastebin.com/psKHZzVs IP is 94.131.97.202 and hardcoded into client again - ISP https://stark-industries.solutions/ - registered in London https://find-and-update.company-information.service.gov.uk/company/13906017 They have only a fraction of hosts checking in so far, let's nuke from orbit. #threatintel
- Embed this notice
  BrianKrebs (briankrebs@infosec.exchange)'s status on Monday, 25-May-2026 22:48:00 JST BrianKrebs
  in reply to
  
  @GossiTheDog Right. Meanwhile, the guy running it just continues to tell the media with a straight face that they never really got any abuse complaints. My response to that is yea that's what happens when your abuse mailbox goes straight to /dev/null/.
  
  In conversation about 3 days ago permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 25-May-2026 22:48:00 JST Kevin Beaumont
  in reply to
  - BrianKrebs
  @briankrebs you’ll be surprised to know this got no reply or action 🙀 although somebody did submit a complaint to GitHub about doxxing on that repo link, causing GitHub to remove it. It contained no PII or doxxing, just the botnet config.
  In conversation about 3 days ago permalink
  Attachments
  1. Untitled attachment
    https://cyberplace.social/system/media_attachments/files/116/635/515/096/346/615/original/4292cab7b9ee0d9c.jpeg

Public

Conversation

Notices

Feeds