Security Articles

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

released on 2025-01-14 @ 03:18:17 PM
This article discusses the use of automated pivoting and graph neural networks (GNN) to proactively discover malicious infrastructure used by threat actors. The approach leverages the tendency of attackers to reuse, rotate and share infrastructure when setting up campaigns. Three case studies are presented: a postal services phishing campaign, a credit card skimmer campaign, and a financial services phishing campaign. The research demonstrates how defenders can use this method to uncover new indicators and block infrastructure before it is weaponized. The article highlights the benefits of continuous monitoring and correlation in detecting evolving threat actor behavior and infrastructure.