Tag: ACH

REvil: Analysis of Competing Hypotheses

Until the 13th of July, 2021, things appeared to be going as expected with the threat actors behind REvil (AKA Sodinokibi) ransomware. Then, suddenly, the fairly public group vanished. With them disappeared their notorious “Happy Blog,” payment page, and other infrastructure that supported their ransomware and extortion operations. That same day, their primary representative was […]

The Devil, the Details, and the Analysis of Competing Hypothesis

Digital Shadows (now ReliaQuest)’s Photon Research Team recently released a comprehensive examination of the Analysis of Competing Hypotheses (ACH) method, in a full paper: Applying the Analysis of Competing Hypotheses to the Cyber Domain. Striving for analytical rigor in intelligence analysis is a given, but achieving it can be a challenge. To grease the […]

ShadowTalk Update – 11.05.2018

In November 2016, Tesco Bank suffered a series of fraud attacks that allowed cybercriminals to check out with £2.26m (roughly $3 million) in customer funds. Two years on, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the UK Financial Conduct Authority’s (FCA) investigation into the attacks, which resulted in a fine of […]

Security Analyst Spotlight Series: Rafael Amado

Organizations rely on Digital Shadows (now ReliaQuest) to be an extension of their security team. Our global team of analysts provide relevant threat research, much needed context, tailored remediation advice and managed takedown support to make our clients’ jobs easier and more efficient. Crucially, by having analysts within the intelligence and collection cycle, we’re able […]

WannaCry: An Analysis of Competing Hypotheses – Part II

Following the furore of last month’s WannaCry ransomware attacks, Digital Shadows (now ReliaQuest) produced an Analysis of Competing Hypotheses (ACH) table to make some initial assessments on the type of actor most likely to have been responsible for the campaign. First and foremost, the ACH method was chosen as it allows us to assess the […]

WannaCry: An Analysis of Competing Hypotheses

On 12 May 2017, as the WannaCry ransomware spread across computer networks across the world, a variety of explanations also began to worm their way through the information security community. Who was responsible for the WannaCry campaign? And what was the objective? Ransomware suggested it was the work of cybercriminals, although, given the sheer scale […]

Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident

On November 6, 2016 multiple UK media outlets reported that the UK-based Tesco Bank had informed approximately 40,000 customers that fraudulent activity had been detected on their accounts between November 5 and 6, 2016. It was initially reported that approximately 20,000 of these accounts had been the victim of successful fraudulent transactions. However, it was […]