| Developers: | BI.Zone (Safe Information Zone, Bison) |
| Last Release Date: | 2025/10/06 |
| Branches: | Information security |
| Technology: | Information Security Management (SIEM) |
Main article: Security Information and Event Management (SIEM)
BI.ZONE Threat Intelligence is a cyber intelligence portal with a focus on the Russian threat landscape.
2025
Analytics and AI Assistant
The Analytics section and an AI assistant have appeared on the BI.ZONE Threat Intelligence portal. The analytical dashboard will allow you to visualize data on the current cyber threat landscape, and the AI assistant will present detailed information on the methods and tools of attackers. The developer announced this on October 6, 2025.
In this section of the cyber intelligence portal BI.ZONE Threat Intelligence, users will be able to work with interactive analytics. The dashboard will provide information about the most attacked countries, common malware, popular methods and tools used by attackers. You can also select the industries of interest and see which clusters are attacking them most intensively.
In addition, all cyber groups presented on the portal can be filtered depending on the purpose with which they carry out attacks: financial motivation, espionage or hacktivism. The user can also get information about the most active attackers in each of these categories.
You can display the data slices of interest on the dashboard in a few seconds using the available filters. Additionally, the "Personalize" button was added to the interface: with its help, the user can get data that is relevant for the industry in which his organization specializes with one click.
In addition to analytical tools, the AI assistant BI.ZONE Cubi is integrated into the BI.ZONE Threat Intelligence portal. With its help, users will be able to receive explanations of tactics, techniques and specific procedures used by attackers. BI.ZONE Cubi will also help you form a detailed description of the tools that cybercriminals use in real attacks. Using the AI assistant will help automate routine processes and free up specialist resources for higher priorities.
BI.ZONE Cubi also uses data from the BI.ZONE Threat Intelligence portal within other BI.ZONE services and products. For example, with the help of this data, the AI assistant helps form summaries with recommendations on alerts, and analyze and explain command lines for BI.ZONE SOAR users.
Launch of the free version
BI.ZONE has launched a free version of the cyber intelligence portal. The company announced this on March 31, 2025.
BI.ZONE Threat Intelligence is a solution that collects data on attackers and their tools used to attack Russian organizations and companies from other countries. In the publicly available free version of the portal, users will be able to get basic information about groups that are relevant for different industries.
The public version of the portal contains basic information about attackers:
- cluster descriptions,
- their names in the BI.ZONE taxonomy and alternative names,
- motivation,
- activity start time,
- attacked countries,
- tools used.
Users can apply filters and select groups according to different criteria: industry, country, or type of motivation.
In addition to summary data on attackers, technical articles from BI.ZONE Threat Intelligence experts are available with a detailed analysis of campaigns of specific groups.
In the full version of the portal, users have access to an extensive body of data on the cyber threat landscape in Russia and other countries, as well as a set of indicators of compromise that is updated daily and can be integrated with their own security tools. For example, there is a MITRE ATT&CK matrix, which contains a detailed description of the tactics, techniques and procedures, and even the commands, used by cybercriminals, with the ability to export the data. The new Shadow Resources tool helps companies check for data breaches on illegal platforms, assess risks in advance, and prevent possible targeted attacks.
Adding Shadow Resources
A new tool "Shadow Resources" has appeared on the cyber intelligence portal BI.ZONE Threat Intelligence. With its help, security specialists will be able to independently search for information on shadow resources that concerns their organization, as well as analyze the discussions of cybercriminals. This will allow preventive assessment of cyber threats and prevent possible targeted attacks. BI.Zone announced this on February 25, 2025.
In the Search for Accounts subsection, specialists responsible for the cybersecurity of companies will be able to check whether any of the corporate accounts have been compromised. You can search by email address, email domain or all its subdomains, as well as by a specific URL of the resource.
This functionality will help to check the presence of leaked data on shadow resources, and in case of fresh leaks, receive timely notifications about them. This will allow cybersecurity specialists to quickly respond to a leak (for example, by resetting the passwords of compromised accounts) and prevent attackers from using this data to target the company.
The subsection "Search for shadow resources" will allow you to receive data from communication platforms used by cybercriminals, for example, shadow forums and Telegram channels. You can customize your search by keyword, phrase, or domain. Thus, security specialists can check whether their organization is mentioned on the resources of attackers, for example, in advertisements for the sale of stolen databases. It will also help you keep abreast of what tools and methods cybercriminals focus on.
Both subsections allow you to filter information according to different criteria, configure notifications about the appearance of new data of interest to the user, export the results in CSV format, as well as view the history of your requests and, if necessary, quickly repeat them.
2024: Adding an analytical tool based on the MITRE ATT&CK matrix
An analytical tool based on the MITRE ATT&CK matrix has been added to the BI.ZONE Threat Intelligence portal. BI.Zone announced this on July 22, 2024.
A single information panel has appeared in the updated version of the portal. In the MITRE ATT&CK matrix format, it presents all methods (up to and including procedures) of cyber groups described by BI.ZONE Threat Intelligence specialists. The user can independently form the data slices he needs and export them in various views.
The single dashboard is based on data on more than 70 activity clusters that BI.ZONE Threat Intelligence analysts track and describe. By selecting any technique of interest on the MITRE ATT&CK matrix, the user will see a detailed list of sub-techniques. For each, the following will be given:
- a list of cyber groups that used it;
- a detailed description of the procedures applied;
- information about the command lines, malware, and other tools associated with each procedure.
Data on techniques, sub-techniques and procedures can be filtered by country and attacked industries. Slices on activity clusters, malware and tools are also available. For example, by selecting the Malware filter, the user will see how this or that technique was used by malware, and information about cyber groups and tools will be excluded from the selection.
The data provided in the new format will be useful to many: from SOC employees and other cybersecurity specialists to CISOs and company top managers involved in strategic planning and risk assessment.
According to BI.ZONE estimates, 76% of attacks on companies in Russia and other CIS countries are due to financial motivation, 15% are related to espionage, and 9% are attributed to hacktivists.
