Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/115187621460119003">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 12-Sep-2025 05:53:41 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20251103133701.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/115175520207469002" rel="in-reply-to">in reply to</a></div></section><article><p>Colt appear to be outright lying in their latest cyber incident comms to customers. They’re saying the threat actor only post document titles to the dark web, however they neglect to mention they know the attacker C2 server, and they know what files were exfiltrated by the threat actor. </p><p>Their IR made a bunch of Opsec errors, including putting their IR reports into public sandboxes and submitting URLs of customer files to VirusTotal. I have receipts.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5492688#notice-11034500">In conversation</a><time datetime="2025-09-12T05:53:41+09:00" title="Friday, 12-Sep-2025 05:53:41 JST">about 3 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/115187621460119003" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/115187621460119003">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/5194898">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/115/187/620/936/918/379/original/8ebccbebbf7fc150.jpeg" rel="external">https://cyberplace.social/system/media_attachments/files/115/187/620/936/918/379/original/8ebccbebbf7fc150.jpeg</a></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/5194899">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/115/187/621/196/898/376/original/11a95d704a6e2f19.jpeg" rel="external">https://cyberplace.social/system/media_attachments/files/115/187/621/196/898/376/original/11a95d704a6e2f19.jpeg</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 12-Sep-2025 05:53:41 JST Kevin Beaumont
in reply to
Colt appear to be outright lying in their latest cyber incident comms to customers. They’re saying the threat actor only post document titles to the dark web, however they neglect to mention they know the attacker C2 server, and they know what files were exfiltrated by the threat actor.
Their IR made a bunch of Opsec errors, including putting their IR reports into public sandboxes and submitting URLs of customer files to VirusTotal. I have receipts.
In conversationabout 3 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/115/187/620/936/918/379/original/8ebccbebbf7fc150.jpeg
2. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/115/187/621/196/898/376/original/11a95d704a6e2f19.jpeg

Public

Embed Notice

HTML Code

Corresponding Notice