
BI.Zone Threat Intelligence

Product
Developers: BI.Zone (Safe Information Zone, Bison)
Last Release Date: 2025/03/31
Branches: Information security
Technology: Information Security Management (SIEM)


Main article: Security Information and Event Management (SIEM)

BI.ZONE Threat Intelligence is a cyber intelligence portal with a focus on the Russian threat landscape.

2025

Free version launch

BI.ZONE has launched a free version of the cyber intelligence portal. The company announced this on March 31, 2025.

BI.ZONE Threat Intelligence is a solution that collects data on attackers and their tools used to attack Russian organizations and companies from other countries. In the publicly available free version of the portal, users will be able to get basic information about groups that are relevant for different industries.

The public version of the portal contains basic information about attackers:

  • cluster descriptions,
  • their names in the BI.ZONE taxonomy and alternative names,
  • motivation,
  • activity start time,
  • attacked countries,
  • tools used.

Users can apply filters and select groups according to different criteria: industry, country or type of motivation.

In addition to summary data on attackers, technical articles from BI.ZONE Threat Intelligence experts are available with a detailed analysis of campaigns of specific groups.


In the full version of the portal, users have access to an extensive array of data on the landscape of cyber threats in Russia and other countries, as well as a set of indicators of compromise that is updated daily and can be integrated with their own security tools. For example, there is a MITRE ATT&CK matrix, which contains a detailed description of tactics, techniques and procedures and even commands used by cybercriminals, with the ability to upload data. And the new Shadow Resources tool helps companies verify data breaches on illegal platforms, assess risks in advance, and prevent possible targeted attacks.

Adding the Shadow Resources tool

A new tool "Shadow Resources" has appeared on the cyber intelligence portal BI.ZONE Threat Intelligence. With its help, security specialists will be able to independently search for information on shadow resources that concerns their organization, as well as analyze the discussions of cybercriminals. This will allow preventive assessment of cyber threats and prevent possible targeted attacks. BI.Zone announced this on February 25, 2025.

In the Search for Accounts subsection, specialists responsible for the cybersecurity of companies will be able to check whether any of the corporate accounts have been compromised. You can search by email address, email domain or all its subdomains, as well as by a specific URL of the resource. 

This functionality will help to check the presence of leaked data on shadow resources, and in case of fresh leaks, receive timely notifications about them. This will allow cybersecurity specialists to quickly respond to a leak (for example, by resetting the passwords of compromised accounts) and prevent attackers from using this data to target the company.


The subsection "Search for shadow resources" will allow you to receive data from communication platforms used by cybercriminals, for example, shadow forums and Telegram channels. You can customize your search by keyword, phrase, or domain. Thus, security specialists can check whether their organization is mentioned on the resources of attackers, for example, in advertisements for the sale of stolen databases. It will also help you keep abreast of what tools and methods cybercriminals focus on.

Both subsections allow you to filter information according to different criteria, configure notifications about the appearance of new data of interest to the user, export the results in CSV format, as well as view the history of your requests and, if necessary, quickly repeat them.

2024: Adding an analytical tool based on the MITRE ATT&CK matrix

An analytical tool based on the MITRE ATT&CK matrix has been added to the BI.ZONE Threat Intelligence portal. BI.Zone announced this on July 22, 2024.

A single information panel has appeared in the updated version of the portal. In the MITRE ATT&CK matrix format, it presents all methods (up to and including procedures) of cyber groups described by BI.ZONE Threat Intelligence specialists. Users can independently form the data slices they need and export them in various views.

The dashboard is based on data on more than 70 activity clusters that BI.ZONE Threat Intelligence analysts track and describe. By selecting any technique of interest on the MITRE ATT&CK matrix, the user will see a detailed list of sub-techniques. For each, the following will be given:

  • a list of cyber groups that used it;
  • detailed description of applied procedures;
  • information about the command lines, malware, and other tools associated with each procedure.

Data on techniques, sub-techniques and procedures can be filtered by country and attacked industries. Slices on activity clusters, malware and tools are also available. For example, by selecting the Malware filter, the user will see how this or that technique was used by malware, and information about cyber groups and tools will be excluded from the selection.


The data provided in the new format will be useful to many: from SOC employees and other cybersecurity specialists to CISOs and company top managers involved in strategic planning and risk assessment.

According to BI.ZONE estimates, 76% of attacks on companies in Russia and other CIS countries are due to financial motivation, 15% are related to espionage, and 9% are attributed to hacktivists.