BI.ZONE Threat Intelligence upgraded to enable attack prediction and mitigate data breach impacts

The Underground resources tool is now available on the Threat Intelligence portal

April 25, 2025

With the new tool, cybersecurity specialists can independently monitor underground resources for information related to their organization as well as analyze adversary threads. This makes it possible for companies to proactively assess cyber threats and prevent potential targeted attacks.

In the Accounts tab, corporate security teams can check for any compromised accounts. They can search by email address, email domain, respective subdomains, and specific URLs.

The new feature allows specialists to identify data exposures on underground resources and receive timely notifications in case of fresh leaks. This enables a prompt response to data breaches (for example, by resetting the compromised account passwords) and prevents adversaries from using this data in a targeted attack.

Previously, the underground resources were solely monitored by BI.ZONE Threat Intelligence rather than by users, with the findings published on the portal. Now we are giving portal users the tools to conduct independent research. The new Underground resources tool is available for specialists to search for information either about their own company or client organizations within its data security commitments.

Oleg Skulkin

Head of BI.ZONE Threat Intelligence

The Underground resources tab provides an opportunity to retrieve data from communication platforms used by criminals, such as underground forums and Telegram channels. The search can be refined by keywords, phrases, or domains. This way, security professionals can check for brand mentions on malicious resources, for example, in ads offering stolen databases. Besides, it raises awareness about the tools and techniques favored by adversaries.

Information in the tabs can be filtered out by various criteria with the findings exported in CSV format. Users can customize notifications for new data feeds and view the history of their queries to run them again if necessary.

BI.ZONE Threat Intelligence data is the foundation of Threat Zone 2025, our annual research of the cyber threat landscape in Russia and other CIS countries. In 2024, among the most attacked industries were the public sector (15%), finance (13%), and transportation (11%). Threat actors were more likely to attack companies for espionage and ideological reasons. While criminals continued to experiment with tools and methods, phishing remained the most popular vector for gaining access to IT infrastructures. However, the share of phishing had decreased toward the end of the year.