
Colin Cowie
Colin is a Threat Intelligence Analyst for the Sophos Managed Detection and Response (MDR) team, focusing on threat actor identification, incident response and working alongside detection engineers to address emerging threats. In past roles he worked in the financial sector performing internal and external penetration testing.
Content by Colin Cowie

Security Operations
Malicious WhatsApp campaign deploys the Astaroth banking trojan
November 21, 2025

Threat Research
Astaroth
Brazil
Featured
Guildma
infostealer
WhatsApp
worm
WhatsApp compromise leads to Astaroth deployment
November 20, 2025

Threat Research
Featured
MDR
Patch Tuesday
SharePoint
Sophos X-Ops
toolshell
SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
July 21, 2025

Security Operations
Threat Research
3am ransomware
Featured
vishing
A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist
May 20, 2025

Security Operations
Threat Research
adversary in the middle
Featured
MFA
MFA phishing
qilin
RMM
ScreenConnect
Sophos X-Ops
supply chain compromise
Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
April 1, 2025

Security Operations
Threat Research
Black Basta
Featured
Fin7
Java malware
legitimate service abuse
Microsoft Office 365
python malware
Quick Assist
remote machine management
Sophos X-Ops
STAC5143
stac5777
Teams
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
January 21, 2025

Security Operations
Threat Research
CloudFlare
Featured
FlowerStorm
legitimate service abuse
Phishing
phishing-as-a-service
Rockstar
Rockstar2FA
Sophos MDR
Sophos X-Ops
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
December 19, 2024

Security Operations
Featured
human-led threat hunting
MDR
Microsoft SQL Server
Mimic Ransomware
Sophos X-Ops
Sophos MDR hunt tracks Mimic ransomware campaign against organizations in India
August 7, 2024

Threat Research
Featured
MDR
rhysida ransomware
Sophos X-Ops
threat activity cluster
vice society ransomware
Same threats, different ransomware
November 10, 2023