@bad_packets profile picture
Bad Packets by Okta @bad_packets

We provide cyber #threatintel on emerging threats, DDoS botnets, and network abuse.

Joined April 2017
  • Tweets 1,967
  • Following 2
  • Followers 50,947
331 Photos and videos
Anyone reusing credentials on their Fortinet device? Asking for a friend on AS17511 (219.75.254[.]166) who keeps failing to get their password right.
1
5
7
2,305
We analyzed over 300,000 rows of the January 2026 BreachForums database leak to find their users' anonymizers of choice. Join us in the cantina. 🧵
1
7
9
3,061
more replies
BreachForums never verified email addresses. A forum admin even told members to use disposable ones. 81% used Gmail anyway. Most of those burner addresses appear nowhere else. The remaining ~5,800 showed up in infostealer malware logs.
1
1
2
1,135
Full analysis of the BreachForums network and user data, including top ASNs, VPN usage and blocklist recommendations, are all in our latest blog post. okta.com/blog/threat-intelli…

BreachForums logs reveal anonymizers of choice for shady characters | Threat Intelligence

okta.com
2
4
992
A browser extension promised security. In reality, it was a Trojan horse for your crypto. We tracked the extension, mapped the infrastructure and pulled the plug. Full breakdown of the takedown: bit.ly/40E9i9N

Disrupting ShieldGuard | Okta Threat Intelligence

okta.com
4
5
1,260
Watch @Okta’s exclusive interview with @HHieupc, a cybercrime investigator who explains the Vietnamese cybercrime-as-a-service ecosystem and how much of it operates in the open. Read our full research here: bit.ly/4r6NgHn
2:01
2
7
1,721
Fake accounts fuel global fraud. Our latest research uncovers a sprawling cybercrime-as-a-service ecosystem in Vietnam that sells fake and hacked accounts on a massive scale. Read our full research and raise your identity security posture: bit.ly/4b7Shtp

Fraudulent Account Signups At Scale | Threat Advisory | Okta Threat Intelligence

okta.com
2
6
1,351
University students using "tutors" are being extorted for thousands, but the risk is bigger: When students turn over login credentials, malicious actors can pivot to sensitive university systems and perpetrate fraud. okta.com/blog/threat-intelli…
2
5
1,198
Your star hire might be a DPRK agent. 🇰🇵 @Okta reveals how state actors use stolen LinkedIn IDs, AI-generated faces, and forged git commits to bypass HR. Verify identities before they're on your payroll! #opentowork bit.ly/4quh8go
AI-generated image of a post from a North Korean state actor

ALT AI-generated image of a post from a North Korean state actor
3
8
1,681
Google disrupted IPIDEA, a major residential proxy network. Our data confirms a sharp drop in their active IPs following the action. 📉 Protect your Okta org today: block IPIDEA and residential proxies with dynamic network zones bit.ly/3OiZVJz
6
28
13,503
Our promise to you: serving up the bad packets. That's why we wrote about how to use threat intel right in @Auth0 Actions. bit.ly/494lt4M

Bulletproof Hosting Defense: Mitigating the Proxy Threat with Auth0

Learn how to mitigate the risks of Bulletproof Hosting providers using Auth0 Actions and threat intelligence signals to secure your identity infrastructure.

auth0.com
1
4
1,461
Revamped site, new IoCs. In addition to bad ASNs, we've got disposable email domains beloved by threat actors inside 👉 bit.ly/4b4GUUE

SMS Pumping | Threat Advisory | Okta Threat Intelligence

okta.com
Bad Packets by Okta@bad_packets
26 Nov 2025
Still tracking the bad packets, now powered by Okta log data! Top ASNs used in recent signup fraud attacks: • 212238 • 16276 • 44477 • 26548 • 200373 • 137409 • 214483 • 13213 • 397368
3
9
3,529
TTPs change, but you can keep up. Read our case study on how an @auth0 tenant used JA3 signatures to block 20mm fraudulent signup requests. bit.ly/4jTrAwv

How Auth0 Tenant Access Control List Empowers Customers Under Fire

Discover how an Auth0 customer used Tenant ACL and JA3 TLS client fingerprints to mitigate a massive signup fraud attack, blocking 21 million requests.

auth0.com
1
2
1,303
Our latest research reveals DPRK threat actors are targeting more than just tech. 📊 6,500 fake interviews 🏢 5,000 companies 🌍 27% of targets outside the U.S. 🏦 Sectors hit: finance, healthcare, public admin & more Read the full report here: bit.ly/48aNNCw
3
5
1,314
Still tracking the bad packets, now powered by Okta log data! Top ASNs used in recent signup fraud attacks: • 212238 • 16276 • 44477 • 26548 • 200373 • 137409 • 214483 • 13213 • 397368
1
4
11
5,400
Bad Packets is giving away a BSides Las Vegas ticket. Drop a comment below for a chance to win! Rules: One winner selected at random. No purchase necessary to enter. Government employees ineligible to participate. Void where prohibited. Winner will be announced on July 28th.
8
2
7
10,424
Drop all traffic from 109.205.213.0/24 (🇦🇿/🇬🇧/🇺🇸)* ____ *Geolocation vendors don't agree. Hosts associated with this netblock are physically located in 🇺🇸.
4
6
37
20,036
We’re excited to share @VerizonBusiness has finally dropped the 2023 Data Breach Investigations Report. Read up on all the latest cybersecurity intel, trends and advanced preventative measures. Download your copy here: vzbiz.biz/dbir-partner #DBIR

Verizon Business

Read the complete 2026 Data Breach Investigations Report (DBIR) for an in-depth, authoritative analysis of the latest cyber threats, data breaches, and actionable cybersecurity risks.

verizon.com
7
19
9,146
Load more