An Inside Look at How Insikt Group Produces Leading Threat Research
Get Trending Threat Insights with Cyber Daily Subscribe Today

An Inside Look at How Insikt Group Produces Leading Threat Research

December 18, 2018 • Maggie McDaniel

in·sight
/ˈinˌsīt/
Noun. The capacity to gain an accurate and deep intuitive understanding of a person or thing.

Insikt is Swedish for “insight.” At Recorded Future, Insikt Group is responsible for delivering analyst-generated assessments, insights, and recommended remediative actions to customers and the public for informed decision making and risk reduction. Insikt Group is also responsible for identifying data gaps, discovering new sources for content, and driving Recorded Future product improvements.

Insikt Group includes analyst-on-demand services and the threat research team. The former team supports customers who have requests for specific threat information or regular “subscribed” threat landscapes, while the threat research team conducts proactive research focused on adversary tactics, techniques, and procedures in the context of geopolitical and cyber events, with a particular focus on China, North Korea, Russia, and Iran.

Let’s take a closer look inside Insikt Group’s threat research.

Mapping the Course

Topics that Insikt Group proactively pursues for threat research are informed by analysts’ expertise and experience, customer requirements, and knowledge gaps within the industry where we might serve as thought leaders.

Additionally, we typically have three pipelines for production:

  • Strategic topics that we plan to explore based on our knowledge of, and changes to, the threat landscape
  • Opportunistic issues that we have uncovered in the course of pursuing our strategic research that might be previously unknown
  • Reactive analysis largely driven by current events where we want to lend our expertise

Insikt Group research is available to all Recorded Future customers within the product in the form of Insikt Notes (found on the homepage) and the research is also linked to Intelligence Cards™, as well as downloadable PDFs. In the event that we publish our findings publicly to our blog, we will often include details about how to replicate our findings.

Customers can expect Insikt Group to produce notes within the platform on a daily basis, as well as a weekly post on top threat leads. On average, we will post one to two profiles per week, and more in-depth research every six to eight weeks.

Insikt Group Organization

Insikt Group organization and expertise.

The Big 4

Insikt Group research is predominantly focused on China, North Korea, Russia, and Iran, which we view, strategically, as the top threats to cybersecurity in general.

Our research has focused mainly on attack campaigns sponsored by China and North Korea, as well as the Russian cybercriminal underground. This research has resulted in foundational, baseline analysis on North Korean elite internet usage, including evidence showing that North Korean actors exploit cryptocurrency to support the Kim regime. We also unveiled the extent of the Chinese Ministry of State Security’s influence not only within the state security apparatus, but also through advanced persistent threats like APT3.

Our criminal underground analysis has cast a wide net, dredging up larger trends in prominent cryptocurrency use, evidence of the actual costs of cybercriminal operations, and the discovery of sensitive and proprietary documents for sale.

As our resources have expanded, so has our threat coverage — we now look at the Chinese-, Farsi-, and Arabic-speaking underground communities alongside Russian and Iranian state-sponsored actors.

On the Horizon

As Insikt Group enters its third year, we are looking to expand our account coverage to include deepening analysis on Iran and Iran-sponsored campaigns, the exploration of the Brazilian cybercriminal underground, and the expansion of our technical analysis to include prescriptive workflows for enterprise defense. Customers can expect to see Yara rules and live feeds of IOCs available in Recorded Future on a weekly basis for 2019.

Maggie McDaniel

Maggie McDaniel is the vice president of Insikt Group at Recorded Future.

New call-to-action

Related Posts

WeTheNorth: A New Canadian Dark Web Marketplace

WeTheNorth: A New Canadian Dark Web Marketplace

October 19, 2021 • The Recorded Future Team

This Summer, Insikt Group discovered a new Canada-focused darknet marketplace called WeTheNorth, a...

Shining a Light on RedLine Stealer Malware and Identity Data Found in Criminal Shops

Shining a Light on RedLine Stealer Malware and Identity Data Found in Criminal Shops

October 14, 2021 • Ellen Wilson

As threat actors continue to expand their attack surface - with cloud systems and supply chain...

How to Detect Cobalt Strike: An Inside Look at the Popular Commercial Post-Exploitation Tool

How to Detect Cobalt Strike: An Inside Look at the Popular Commercial Post-Exploitation Tool

September 14, 2021 • Jake Munroe

Throughout history there are many examples of inventions created with good intentions (and maybe...