
Hudson Rock’s Cybercrime and Threat Intelligence Researcher, Leonid Rozenberg, Shares Insights About Infostealers and Security

Hudson Rock has been the go-to source for all things cybersecurity and infosec updates. Be it offering dark web intelligence or finding one’s own data on breach forums, Hudson Rock has been a torchbearer, bringing the latest updates to people.

TechNadu reached out to the company to know how they work, what powers them, their mission, their perspective on information security, and what they can share about the present threat landscape. 

Here is what Leonid Rozenberg, the Cybercrime and Threat Intelligence Researcher of Hudson Rock, had to share.

1. Please tell us about the formation of the company, choosing the name Hudson Rock, and what led to the threat intelligence.

Hudson Rock was established in 2020 by two co-founders, Roi Carthy and Alon Gal. As a bootstrapped company, we have grown to serve dozens of organizations worldwide, including private and public entities and government agencies. 

The decision to focus on threat intelligence, including Infostealer and cybercrime intelligence, stemmed from early recognition of the growing Infostealer malware trend, which began emerging as a significant cybersecurity threat in 2019. 

At the time, the broader cybersecurity community had yet to fully grasp the scale and impact of Infostealers, making Hudson Rock’s approach to sourcing cybercrime intelligence directly from threat actors highly unique. 

Given this distinct approach, the founders deliberately chose not to include common industry-related keywords like “cyber” in the company’s name.

2. What are some of the free tools that you offer to users, and what motivates you to share those resourceful solutions without a cost? 

We believe that anyone should be able to check their personal, corporate, or third-party exposure to global Infostealer infections. This motivated us to open some of our data end-points to everyone. 

These tools are offered for free as part of Hudson Rock’s commitment to a value-first approach. The goal is to democratize access to cybercrime intelligence and raise awareness about the risks posed by Infostealer infections. 

Some notable features of our toolset are: 

  • Domain – Search for compromised corporate & supply chain infrastructure.
  • Email Address – Search for specific email addresses of employees, customers, users, and partners.
  • Android App – Find out whether users of your Android app have had their credentials compromised.
  • Technology Profiler – Discover if companies are using a technology like Citrix, Webmail, Confluence, etc.
  • Password Hygiene – Discover password hygiene in any company and search any domain to discover if password complexity requirements are implemented based on actual exposed credentials. 

We offer a visual interface of our toolset and a community API integration. We are proud to share our complimentary data with over 65 different cyber intelligence projects. By the way, we are always happy to integrate with more projects that find value in Infostealer intelligence. 

It’s important to mention that Hudson Rock prioritizes privacy and ensures no sensitive information is exposed through the use of these free tools. 

3. Can you share how Cavalier was created and its features? What are some of the interesting observations related to using the service? 

Cavalier is Hudson Rock’s flagship cybercrime monitoring and notification platform, designed to deliver actionable intelligence and alerts derived from data stolen via Infostealer malware. 

The platform was created with the core principle of simplifying the process of working with the Infostealer-originated data, focusing on delivering clear, contextual, and prioritized insights to cybersecurity professionals. 

Cavalier filters and contextualizes information and determines whether stolen credentials belong to corporate employees, users, or third-party services. 

This helps prioritize critical cases, such as taking care of compromised corporate VPN credentials first, over less urgent scenarios like an employee using their corporate email for a personal food delivery account. 

In 2024, Cavalier underwent a major redesign, transforming it into a dual-purpose platform. Beyond notifications and incident management, it now serves as an advanced investigation platform. With integrated AI capabilities, users can deeply analyze stolen data for a more comprehensive understanding of cyber incidents. 

The primary observation from direct client feedback is that the user-friendliness of the Cavalier platform, paired with its advanced API capabilities for process automation, makes Hudson Rock the preferred choice for organizations. 

4. Based on your observations, employees of which sector must be trained in cybersecurity? What are your observations about employees who work in different sectors with reference to maintaining cyber hygiene?

It is an excellent question because cybersecurity training is relevant to every employee, regardless of the size of the company. It doesn’t matter if you’re a small business with 30 employees, a large corporation, or a government organization. 

It’s important to know how Infostealer malware spreads and how anyone can get infected. 

A number of different methods are used to spread this malware, including phishing emails, fake ads, pirated software, etc. This information is backed by statistics from over 30 million infected computers analyzed by Hudson Rock’s researchers. 

It’s also important to mention that not following cybersecurity policies, making human mistakes, or simply cutting corners is also a major problem. For example, an employee performing work on his personal computer (which is most likely prohibited by many companies) and thereafter running a game crack (that is actually an Infostealer) on the same device.

5. Can you disclose some of the threats faced by Hudson Rock while reporting cybercrimes? Did it lead to a change in the working environment? Did it impact the digital infrastructure? If yes, then how? 

At Hudson Rock, our primary focus is on providing actionable intelligence to our customers rather than proactively reporting cybercrime to law enforcement or other authorities. 

However, we do receive professional inquiries from such organizations, and when appropriate, we assist in specific cases. 

6. Please share about your product, Bayonet. What are the common doubts that customers have about using it? 

Bayonet is an additional product of Hudson Rock and can be considered a smaller sibling to the Cavalier platform. While Cavalier serves as an advanced intelligence and research platform, Bayonet is specifically designed as a Sales Prospecting & Enrichment Tool tailored for Cybersecurity Sales Teams and MSSPs. 

Bayonet sources the data from Hudson Rock’s main repository and focuses on providing actionable sales insights while eliminating non-relevant technical noise, making it an efficient and streamlined tool for sales professionals. 

Bayonet is utilized by third-party companies to search for compromised assets that align with the products or services they offer to secure them.

Infostealers, known for extracting vast amounts of data from infected computers, combined with Hudson Rock’s advanced data parsing capabilities, allow Bayonet users to quickly find potential leads. 

For instance, if a third-party vendor focuses on securing organizations using SSO as part of their policy, a simple search for the keyword “SSO” on Bayonet will immediately provide insights on over 20,000 companies, helping the vendor identify opportunities and refine their offerings. 

7. What is the approximate number of companies that have active vulnerabilities in their systems as you answer this question? How fast can Bayonet help them, and in what ways? 

As of January 2025, based on the analysis of over 30,000,000 infected computers, there are approximately 11,600,000 compromised domains. This represents a vast number of companies of all sizes, spanning every industry and region worldwide. 

Thanks to our advanced parsing and data storage technology, Bayonet and Cavalier users can access crucial intelligence in just a few seconds. 

To be clear, Hudson Rock does not scan for specific company vulnerabilities. The intelligence we provide is solely based on data originating from Infostealer infections.

8. Please share more about Hudson Rock’s connection with the IDF’s 8200 Cyber Unit. What kind of exposure did the team have by working at the cybercrime intelligence unit? 

I can share that Hudson Rock’s Co-Founder and CTO, Alon Gal, played a pioneering role in developing the cybercrime intelligence domain during his service in the IDF’s 8200 Cyber Unit. 

His experience laid the foundation for transforming military-grade cyber intelligence methodologies into effective private-sector solutions. 

Hudson Rock also employs several Israeli military veterans across various departments, including R&D and intelligence research. 

9. What is your advice to victims of data leaks due to infostealers? How can they prevent further damage and secure their systems? 

In the event of an Infostealer infection, victims must change all their passwords immediately. This step is critical and should be taken as soon as the incident is identified. Doing so will prevent threat actors from monetizing stolen information – or at least minimize the damage.

To proceed effectively, start by checking which credentials were stored in the browser’s built-in password manager (a feature present in all modern internet browsers). This process will help create a prioritized to-do list of accounts that require immediate attention. 

Infostealers specifically target the correlation between URLs, emails/usernames, and passwords stored in browsers. 

It is also important to note that resetting passwords will invalidate cookie sessions, which are also commonly stolen by Infostealers. This is significant because active cookie sessions can allow threat actors to bypass multi-factor authentication (MFA). 

Modern Infostealers are generally non-persistent malware. Once they infect a system, they usually delete themselves after executing their task. As a result, the likelihood of residual malware on the system that continues to harvest newly added data is very low. 

It is advisable to stop storing credentials in browsers altogether. As mentioned, Infostealers primarily target this data. 

While third-party password managers are an alternative, they come with their own pros and cons. Regardless of the method chosen, avoiding the storage of sensitive information in browsers reduces the risk of theft. 

Additionally, never recycle new passwords across different accounts. Each account should have a unique, strong password.
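The reset procedure described in this answer (start from what the browser’s password manager holds, deal with corporate VPN and identity logins first, and treat reused or weak passwords as a separate flag) can be turned into a small triage script. The example below is added here and is not Hudson Rock’s, Cavalier’s or TechNadu’s code; it reads the column shape of a browser password-manager CSV export (name, url, username, password, which is what Chrome and Firefox produce) and returns a ranked to-do list. The corporate domain set, the list of high-risk host keywords, and the sample export are all constructed assumptions for the example, and the output never echoes the passwords themselves.

```python
"""Prioritized reset list after an infostealer infection.

Added example (not Hudson Rock's or Cavalier's code). It reads the shape of a
browser password-manager CSV export (name,url,username,password, as Chrome and
Firefox produce) and ranks accounts so that corporate remote-access and
identity-provider logins are reset first, while reused or weak passwords are
flagged. The domain and keyword lists below are assumptions for the example.
"""
import csv
import io
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample export; every value is fictitious.
SAMPLE_EXPORT = """name,url,username,password
vpn,https://vpn.example-corp.com/login,jdoe@example-corp.com,Summer2024!
okta,https://example-corp.okta.com/,jdoe@example-corp.com,Summer2024!
github,https://github.com/login,jdoe@example-corp.com,Summer2024!
foodapp,https://www.food-delivery.example/,jdoe@example-corp.com,pizza123
personal mail,https://mail.example.net/,jdoe.personal@example.net,Tr0ub4dor&3-unique
"""

# Assumed: the employer's identity domains, used to spot corporate accounts.
CORPORATE_DOMAINS = {"example-corp.com"}
# Assumed: hostname fragments that mark remote-access or identity services.
HIGH_RISK_HOST_KEYWORDS = ("vpn", "okta", "sso", "citrix", "webmail", "confluence")


def parse_export(text):
    """Parse a password-manager CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def is_weak(password):
    """Weak = shorter than 12 characters or fewer than three character classes."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    classes = sum(bool(re.search(p, password)) for p in patterns)
    return len(password) < 12 or classes < 3


def score_entry(entry, reuse_count):
    """Return (score, reasons) for one stored credential; higher = reset sooner."""
    host = (urlparse(entry["url"]).hostname or "").lower()
    user_domain = entry["username"].rpartition("@")[2].lower()
    score, reasons = 0, []
    if any(k in host for k in HIGH_RISK_HOST_KEYWORDS):
        score += 50
        reasons.append("remote-access or identity-provider host")
    if user_domain in CORPORATE_DOMAINS:
        score += 20
        reasons.append("corporate identity used")
    if reuse_count > 1:
        score += 10 * (reuse_count - 1)
        reasons.append(f"password shared with {reuse_count - 1} other site(s)")
    if is_weak(entry["password"]):
        score += 10
        reasons.append("weak password")
    return score, reasons


def prioritize(text):
    """Rank stored credentials; returns [(host, score, reasons)], best first.

    Only the host and the reasons are returned; passwords never leave this function.
    """
    entries = parse_export(text)
    reuse = Counter(e["password"] for e in entries)
    ranked = []
    for e in entries:
        score, reasons = score_entry(e, reuse[e["password"]])
        host = (urlparse(e["url"]).hostname or "").lower()
        ranked.append((host, score, reasons))
    # Highest score first; ties are broken alphabetically by host for stable output.
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


if __name__ == "__main__":
    for host, score, reasons in prioritize(SAMPLE_EXPORT):
        print(f"{score:4d}  {host:30s}  {'; '.join(reasons) or 'no flags'}")
```

Run as-is it prints the two corporate identity logins at the top, GitHub next (corporate identity plus a password shared across three sites), the food-delivery account after that, and the personal mailbox with a unique strong password last. A reset of each high-scoring account also invalidates its existing sessions, which is why the ranking is by account rather than by password.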

Understanding how Infostealers are delivered can significantly help in avoiding infection. The primary delivery methods include: 

  • Phishing Emails: Be cautious of suspicious emails prompting you to download and execute files. 
  • Fake Ads: Threat actors often run fake ad campaigns as promoted results on search engines. These ads redirect users to fraudulent sites where they are tricked into downloading malicious files. Always verify that you’re clicking on legitimate search results rather than paid advertisements, which typically appear at the top of the page. 
  • Social Media Scams: Watch out for fake or hijacked social media accounts offering deals that seem too good to be true. The goal is to convince victims to download Infostealer-laden files. 
  • Pirated Software: One of the most common delivery methods that exploits human factors. Millions of users seek pirated software, game cracks, and similar content, often shared via torrents. This pirated content will most likely be paired with the malware. Always download software from legitimate sources and avoid trusting files obtained through torrent networks.

10. Based on the intelligence and solutions that Hudson Rock provides, what are the areas that companies and individuals can approach you for? Can you share a list of problems people can approach you for? 

At Hudson Rock, we specialize in providing intelligence and solutions that address a broad spectrum of cybersecurity challenges faced by companies, governments, and MSSPs. 

Our expertise centers on understanding and mitigating the threats posed by data stolen through Infostealers, a key enabler for various types of cyberattacks such as ransomware deployment, corporate espionage, account takeover (ATO), business email compromise (BEC), money laundering, fraud, and many other evolving attack vectors. 

Every company is unique and pursues its own cybersecurity goals. For example, a company that focuses on employee protection can benefit from our capability to mark and display the data related only to them. 

On the other hand, the company that focuses on minimizing fraud originating from compromised users can use Cavalier to filter only for this type of user-related information. 

Governments and cybersecurity companies can benefit from our advanced AI-powered research module that can help to dive into raw data for further investigation or even unmask the identities of threat actors and users behind cybercrime sources. 

Hudson Rock’s data can be used in multiple scenarios and can be adapted for different use cases for defensive purposes. 

11. What is your observation about nation-state adversaries? Are they more damaging to the target or other cybercriminals? 

Nation-state adversaries operate with a significant advantage over traditional cybercriminals due to their direct government backing. This support manifests in various forms, including superior budgets, access to advanced tools, highly skilled manpower, and the ability to leverage state intelligence resources. 

Tracking the activities of nation-state actors is particularly challenging because, unlike cybercriminals who engage in discussions on underground forums and marketplaces, nation-state adversaries prefer to operate in the shadows. Their successes and breaches are rarely publicized, and they take extensive measures to conceal their presence. 

We are also aware that data from Infostealer logs is valuable to nation-state actors. The compromised credentials and sensitive data extracted from these logs can be leveraged for intelligence-gathering, further exploitation, or even as part of broader cyberespionage campaigns. 

This overlap between cybercriminal and nation-state operations highlights the blurred lines in the modern cyber threat landscape, where nation-states can benefit from the same tools and tactics originally designed for financial cybercrime.

12. According to you, what resources do cybercriminals use to upgrade their capabilities? They are using AI and all the technological advancements to their advantage. Could cybersecurity professionals predict their future actions and build their tools to stay a step ahead of them? 

Cybercriminals continuously upgrade their capabilities by sourcing tools, services, and knowledge from various underground forums, primarily in Russian and English languages. 

These forums serve as central hubs where cybercriminals collaborate, exchange information, and offer new types of illicit services. They have become the go-to marketplaces for cybercrime innovation. 

When it comes to Infostealers, every new malware family discovered by Hudson Rock is almost always linked to these cybercrime forums. This underscores the importance of continuously monitoring underground activity to track the latest developments, identify emerging threats, and anticipate how cybercriminals may evolve their tactics. 

While AI is beginning to make its way into cybercrime, we have yet to observe its direct integration into Infostealer malware. However, some malicious tools have started incorporating AI-driven functionalities, such as automating phishing attacks and enhancing social engineering tactics.

As AI technologies become more accessible, it is likely that cybercriminals will explore new ways to leverage them for more sophisticated attacks. 

Predicting cybercriminals’ future actions is always a challenge, but cybersecurity professionals can stay ahead by proactively researching emerging threats. By the way, this is the reason why we created the Infostealers.com hub, which aggregates all recent Infostealer-related information and is open to anyone.
