Investigations and technical research into sanctions evasion, criminal infrastructure, and offshore architectures.
Five crypto exchanges have been sanctioned while operating from one Moscow skyscraper. Each was replaced. The building's owner was a client of the same offshore intermediary that administered 2,014 shell companies for sanctioned industrialists and the oil shadow fleet.
OFAC designated Iran's four largest crypto exchanges; within days, Certificate Transparency caught a Persian-language seed-phrase phishing wave, one vertical of an industrial, bulletproof-hosted platform spanning some 60 exchanges and roughly 640 domains, ahead of every public reputation feed.
A free "VPN for Russian soldiers" is in fact Android spyware. We ran it in a sealed lab, followed it to a still-live, undetected C2, and mapped the APEX RENT phishing-as-a-service business and the bulletproof host behind it.
A pre-kickoff census of the FIFA World Cup 2026 impersonation surge: the GHOST STADIUM phishing operation, a Hong Kong betting backbone, and an ecosystem that absorbed four advisories and kept growing.
1,435 domains in 30 days: how fraud actors weaponized the 2026 oil shock with crisis-themed impersonation and squatting campaigns.
Tracing a 3-year Elasticsearch extortion operation across two blockchains — 307 victim-facing wallets and a Binance-centric circular financial loop.
Mapping a distributed SMS phishing operation across toll road and postal service brands, operated by the China-based Smishing Triad.
Inside a 5-hop phishing chain that landed in a primary inbox — a Starbucks Yeti Rambler lure with five layered anti-spam evasion techniques and an affiliate scareware operation.
How cryptocurrency, underground banking, and state-sponsored illicit finance converge — from Russia's crypto laundromats to a U.S.-based firm funneling $530 million for sanctioned banks.