- From GitHub Repos to Lazarusby Mert SARICAIntroduction Many, many months ago, a GitHub repository belonging to a threat actor targeting a company operating in the airport management sector since September 2024 caught my attention. Since I did not have the chance to examine this repository, which had a considerable amount of activity, in detail at the time, I cloned and set…
- There Is A Threat Actor Out Thereby Mert SARICAIntroduction In recent years, as a cybersecurity researcher who frequently engages in conversations with threat actors who lack knowledge or concern about Operations Security (OPSEC) (Examples: Chasing the Threat Actor, Investment Scammers, WhatsApp Scammers), I once again had the opportunity to converse with another threat actor. The story of this article began almost a year…
- Istanbul Senin Data Breachby Mert SARICAIntroduction When the calendar showed May 26, 2025, a post appeared on DarkForums — a platform frequented by cybercriminals — from a threat actor using the alias kovalidis. In the message, the actor, claiming to be (or posing as) a member of the Powerful Greek Army (PGA) hacker group, announced that they were selling the…
- Phishing Cloaking Techniquesby Mert SARICAIntroduction Those of you who have read my blog post titled Investment Scammers have seen how scammers try to lure innocent people into their traps through fake ads on social media and networks. Just as in that article, websites play a critical role in fraud attempts and are essential for the operations of scammers. In…
- How Are We Getting Phished?by Mert SARICAIntroduction Over the past 10 years of my 20-year cybersecurity career—primarily within Turkey’s leading banks and IT subsidiaries—I’ve taken on leadership and executive roles, including CISO, thanks to the knowledge, experience, and achievements I’ve gained. While the winds have carried me into executive leadership roles in recent years, I’ve continued to stay passionately connected to…