We forensically map the technical infrastructure behind disinformation campaigns targeting critical infrastructure. From a flagged site to the actor network behind it.
Disinformation campaigns targeting European critical infrastructure are detected at the narrative level. But the technical infrastructure behind them — domains, hosting, DNS patterns, registration chains — often goes unexamined.
This leaves a blind spot between information operations and cyber threat intelligence. The actors running coordinated fake news sites frequently share infrastructure with entities involved in conventional cyber operations. Without forensic analysis of that infrastructure layer, the connection stays invisible.
Domain registration chains, hosting provider identification, shared infrastructure mapping across related domains, historical DNS records, and certificate transparency analysis.
Matching infrastructure patterns against known threat actor tooling and techniques. Identifying when disinformation sites share technical signatures with previously attributed operations.
Connecting infrastructure findings to assess coordinated activity, identify operational patterns, and build the forensic evidence base for threat actor attribution.
All findings are delivered as structured threat intelligence in STIX 2.1 format, directly compatible with MISP, OpenCTI, and standard CTI platform workflows.
We take suspected disinformation sites from your existing pipeline and deliver full infrastructure forensic reports with STIX 2.1 formatted intelligence products.
Structured presentation of forensic results to your analysts and stakeholders. What we found, what the infrastructure patterns reveal, and what it means for your threat picture.
Hands-on training in OSINT infrastructure forensics methodology. Your analysts learn to trace registration chains, identify hosting clusters, and produce actionable intelligence.
Assessment of disinformation infrastructure targeting your sector or region, based on our ongoing detection work and research findings.
Proven methodology — Documented OSINT methodology for identifying and technically fingerprinting disinformation infrastructure, developed through real-world detection and attribution work.
STIX 2.1 native — Intelligence output formatted to the standard, directly compatible with MISP, OpenCTI, and existing CTI workflows used by European CERTs and SOCs.
Nordic threat focus — Specializing in hybrid threats targeting Swedish and European critical infrastructure, with particular emphasis on Russian and Chinese influence operations.
Swedish company — Intercomplexity Inc. DBA Erebus, based in Stockholm. Swedish-founded, operating under Swedish jurisdiction.
We work with government agencies, defense organizations, and threat intelligence teams across Europe. If you're dealing with hybrid threats targeting your infrastructure or sector, we should talk.