Threat intelligence draws on such a broad spectrum of sources that you may be surprised where relevant information turns up. Keeping track of everything can be nearly impossible because of the “instant sharing” logic of social media channels.
We recently published an article that exemplifies how effectively Telegram channels can be used to obtain cyber threat intelligence. These channels were sources that needed verification because they were directly linked to threat actors. In this article, we will share with you Twitter accounts where you can follow news and analysis filtered by expert opinion.
Let’s dive into these great accounts you can use for threat intelligence. Make sure to follow them all!
Threat actors frequently exploit social media’s popularity for cybercrime, scams, or phishing. SOCRadar’s RiskPrime can help you detect and respond to these threats in real-time, providing you with complete visibility over social media risks.
The Best Twitter Accounts for Threat Intelligence
1. Catalin Cimpanu @campuscodi
Catalin Cimpanu has previously worked as a reporter for reputable cybersecurity websites such as The Record, Bleeping Computer, and ZDNet. He currently creates newsletters and podcasts and writes articles for risky.biz.
2. Kevin Beaumont @GossiTheDog
Those who follow our daily vulnerability and cyber incident news will have seen the name Kevin Beaumont. Beaumont has been devoted to cybersecurity for over 20 years, and a look at his career makes it clear why you should follow him.
He started his career as an analyst in the UK, continued as an information security architect, and after specializing in vulnerabilities, he became a SOC manager. You should definitely follow DoublePulsar, where he writes regularly, as well as his Twitter account.
3. SANS Internet Storm Center @sans_isc
SANS (SysAdmin, Audit, Network, and Security) Institute is a US-based company that has been operating for more than 20 years. The institute, which also provides certificates in information security and cyber security training, shares up-to-date data on the latest cyber security events on the isc.sans.edu website.
The Internet Storm Center Diary is an essential resource for threat intelligence professionals to follow. Its Twitter account is @sans_isc.
4. BleepingComputer @BleepinComputer
We are not sure if it is necessary to describe BleepingComputer. It is one of the websites most preferred by anyone who specializes, or wants to specialize, in information technology and security. BleepingComputer has been publishing the latest news, analysis, and research since 2004, but it is not limited to these. It also invites amateur users to “do it yourself” by providing free educational content and downloadable documents.
You can keep up to date with all of these and more by following them on Twitter.
5. The DFIR Report @TheDFIRReport
DFIR is short for Digital Forensics and Incident Response. In other words, it is a field that focuses on the identification, investigation, and remediation of cyber attacks in cybersecurity. The DFIR Report also provides attack IoCs, attack feeds, and threat intelligence for security researchers and organizations.
Add these guys to your list for ransomware, Cobalt Strike, APT groups, etc.
6. Will @BushidoToken
7. Florian Roth @cyb3rops
Florian Roth, the creator of YARA and the IoC scanner THOR APT Scanner, has been in the information security industry since 2003. He is currently the CTO at Nextron Systems. He has also been involved in known open source GitHub projects like LOKI and yarGen.
Follow his Twitter account, which has around 115K followers, and benefit from his experience.
8. US-CERT @USCERT_gov
US-CERT stands for United States Computer Emergency Readiness Team and is a part of the Cybersecurity and Infrastructure Security Agency (CISA). US-CERT is in charge of analyzing and mitigating cyber threats and vulnerabilities, as well as disseminating cyber threat advisory information and organizing incident response operations.
We strongly recommend that you follow this account to get regular feeds from reliable official sources such as NIST, FBI, and Homeland Security.
9. Gitworm @Gi7w0rm
Although Gitworm describes itself as a malware and reverse engineering enthusiast, it frequently posts about data leaks, ransomware, vulnerabilities, and dark web events. It compiles information about threat actors and cyber incidents from Telegram channels, different research blogs, and cybersecurity researchers, and presents it in an understandable way.
10. vx-underground @vxunderground
As of 2021, vx-underground removed the threat intelligence section from its website and stopped making such posts on its Twitter account. But it still has close ties to the field, as it claims to be the most extensive online library sharing the source code of malware and ransomware used by threat actors, as well as IoCs of cyber events.
BONUS: Daily Dark Web @DailyDarkWeb
From the names of the latest cyberattack victims to data for sale on dark web forums, from job postings of threat actors to weekly newsletters, you’ll find everything you’re looking for on this Twitter account.