Intel Name: One step ahead in cyber hide-and-seek: automating malicious infrastructure discovery with graph neural networks
Date of Scan: February 14, 2025
Impact: High
Summary: Threat actors often leave behind traces when conducting large-scale attacks, reusing and rotating parts of their infrastructure during campaign setup. Defenders can exploit this behavior to pivot from known indicators and uncover new infrastructure. This article highlights the benefits of automated pivoting through three case studies: a postal services phishing campaign, a credit card skimmer campaign, and a financial services phishing campaign. By using a network crawler and a graph neural network (GNN), we identified artifacts around known domains and detected additional malicious ones.