Logo
UNIT59INTELLIGENCE OPS
[INTELLIGENCE BRIEFINGS // THREAT DISPATCHES]

Operational
Briefings.

Threat intelligence dispatches, case studies, and forensic methodology releases from Unit59 analysts. Classified findings declassified for public awareness.

[LATEST DISPATCH]
[SYNDICATE RECON]

Anatomy of a Pig Butchering Syndicate: Southeast Asia Operations Mapped

Unit59 analysts have completed a 90-day reconnaissance operation mapping the infrastructure of a major pig butchering syndicate operating out of Myanmar and Cambodia. This briefing details the fund flow architecture, operator hierarchy, and on-chain signatures.

READ FULL BRIEFING →
[ALL DISPATCHES // 6 TOTAL]
[BLOCKCHAIN FORENSICS]

USDT TRC-20 Mixer De-Obfuscation: New Cluster Attribution Method

A new methodology for attributing USDT TRC-20 transactions through high-volume mixing services has been validated in three active cases. This dispatch outlines the technical approach and its implications for recovery operations.

[THREAT ADVISORY]

Fake Exchange Infrastructure: Phishing Kit Fingerprinting at Scale

Analysis of 340 fraudulent exchange domains reveals a common phishing kit with identifiable server-side signatures. Unit59 has developed automated detection tooling now deployed across our monitoring infrastructure.

[OPERATIONAL DISPATCH]

Cross-Chain Bridge Tracking: Following Funds Through LayerZero and Stargate

As threat actors increasingly leverage cross-chain bridges to obscure fund movement, Unit59 has developed a systematic approach to maintaining chain-of-custody across bridge transactions. Methodology and case study included.

[CASE STUDY]

Romance Scam Operator Attribution: From Wallet to Identity

A detailed case study on attributing a romance scam operation to specific individuals using a combination of on-chain analysis, OSINT, and domain registration intelligence. Three operators identified and referred to law enforcement.

[THREAT ADVISORY]

DeFi Rug Pull Early Warning Indicators: Pre-Exit Signature Analysis

Unit59 has identified a consistent set of on-chain behavioral signatures that precede DeFi rug pulls by 48-72 hours. This briefing details the indicators and how to monitor for them using publicly available tools.