
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.

Threat actors who commit crime online use a variety of precautions and technologies to avoid getting caught. Mick Deben is a cybersecurity consultant with DMC Group in the Netherlands. He recently completed his master’s thesis, which focused on creating a knowledge base of these anonymity techniques. The knowledge base is called Concealment Layers for Online Anonymity and Knowledge (CLOAK), and it is intended to give CTI practitioners another way to fingerprint threat actors. In this Studio 471, Deben discusses how he developed CLOAK and how practitioners can use it.
Participants:
Mick Deben, Cybersecurity Consultant, DMC Group
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

Gentlemen ransomware uses credential abuse, defense evasion, and double extortion tactics to compromise enterprise environments and increase pressure on victims.

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.