Intel Name: One step ahead in cyber hide-and-seek: automating malicious infrastructure discovery with graph neural networks
Date of Scan: January 15, 2025
Impact: High
Summary: When executing large-scale attacks, threat actors often leave traces by reusing, rotating, or sharing parts of their infrastructure during campaign automation. Defenders can exploit this behavior by pivoting on known indicators to identify newer infrastructure. This article highlights the advantages of automated pivoting, showcasing three case studies that uncover new indicators. Using a network crawler and graph neural network (GNN), we analyzed relationships among domains to detect additional malicious artifacts.