ThreatChase

Open Platform for Protection Against Phishing

Learn more

About the project

The ThreatChase project aims to enhance cybersecurity capabilities across the EU by providing an innovative platform to protect against phishing. We believe that widespread adoption of cybersecurity solutions greatly depends on data about malicious activities, its accurate analysis, and the availability of an open platform for cybersecurity solution adopters. This project will contribute to improved cybersecurity preparedness by offering two key services:


  • A service with structured data on malicious URLs and domain names linked to phishing attacks.
  • A service to notify about compromised credentials (such as email addresses and passwords) exposed in data leaks, often resulting from phishing incidents.

Objective 1: Prevent

The project's primary objective is to identify phishing-related URLs and collect comprehensive metadata from open sources, using both passive and active scanning techniques. The ThreatChase service will offer a blacklist through the MISP server, which facilitates the storage, sharing, and distribution of threat data. By providing fresh, accurate information on malicious URLs and domains, this service will help organizations proactively defend against phishing threats by blocking malicious emails, websites, and domain name resolutions.

Objective 2: Notify

Beyond prevention, the platform will also notify organizations and individuals if their credentials are found in data leaks, helping users assess the need for password changes. This is particularly crucial as cybercriminals often exploit leaked credentials to launch new attacks, especially when individuals reuse passwords across multiple sites. The ThreatChase platform will be an essential tool for organizations to mitigate phishing risks, improving their cybersecurity posture by offering actionable intelligence and enabling swift defensive actions.

Impact

The ThreatChase project aims to make a significant and lasting impact on the cybersecurity landscape, with the potential to drive innovation, enhance security measures, and provide robust protection for ICT systems across various sectors, particularly focusing on addressing the growing and evolving threat of cyberattacks. The key goals of the project are:


  • Support the Adoption of Innovative Cybersecurity Solutions: The ThreatChase platform will directly foster the creation and deployment of cutting-edge cybersecurity measures, particularly against phishing, enabling organizations to protect themselves from evolving threats.
  • Provide Up-to-Date Tools and Services to Organizations: The project will provide vital resources to develop and deploy effective cybersecurity tools, especially for SMEs. These resources will empower organizations to better prepare for, respond to, and mitigate cybersecurity risks, safeguarding their assets and networks.
  • Enhance the Security of ICT Solutions: ThreatChase will also bolster the development of secure ICT solutions, including open-source alternatives. By supporting the creation of security protocols and best practices, the project will improve the overall security landscape, equipping organizations to defend against cyber threats more effectively.

The open data platform will play a pivotal role in accelerating the adoption and spread of innovative cybersecurity solutions in the following ways:


  • Increase Visibility and Accessibility: By centralizing information on innovative cybersecurity solutions, the platform will make it easier for organizations to discover and implement these solutions, boosting market adoption.
  • Promote Collaboration and Knowledge Sharing: The platform will facilitate collaboration across the cybersecurity community, enabling stakeholders to share insights and best practices, driving the growth of cybersecurity innovations.
  • Build Trust and Confidence: Transparency and accountability will be key drivers of trust, encouraging organizations to adopt new cybersecurity solutions with confidence.
  • Foster Innovation: The platform will serve as a hub for exchanging ideas, promoting the development of new solutions and enhancing existing ones to address the ever-evolving threat landscape.

In addition, the ThreatChase platform will play a pivotal role in improving cybersecurity capabilities, particularly for SMEs and public organizations across the EU. By providing real-time threat intelligence, organizations can detect and respond to cyberattacks more quickly, protecting critical systems and data. The platform will also support incident response strategies and cybersecurity tools, improving the effectiveness of detection and analysis. Ultimately, ThreatChase aims to become a central hub for connecting cybersecurity solution providers and adopters, strengthening the overall security ecosystem.

Partners

KOR Labs

KOR Labs

KOR Labs SAS is a university spin-off dedicated to combating cyber threats, helping the Internet community collectively increase barriers to abuse as well as companies to increase the effectiveness of their network protection and countermeasures. The team comprises security researchers with a strong academic track record and world-class expertise in cyber security and Internet technologies. The main focus of KOR Labs activities is on domain name and Domain Name System (DNS) abuse. The founders of KOR Labs are Prof. Maciej KorczyƄski and Prof. Andrzej Duda.

ORANGE Polska SA

ORANGE Polska SA

ORANGE Polska SA is a leader on the Polish market of fixed telephony, Internet, and data transmission. As the only operator, it offers comprehensive telecommunications solutions available throughout the country. Cybersecurity is one of key areas continuously developed in OPL. OPL CERT has already been operating for 25 years and it provides cybersecurity services to a wide range of customers protecting them against identified modern cyberthreats (DDoS, malware, phishing, applications vulnerabilities).

PDMFC LDA

PDMFC LDA

PDMFC LDA is an SME from Portugal, with a strong focus on the area of Information Security, having developed software that help dozens of large customers (including Governments) to detect fraud, money laundering, tax evasion, among many other things. It provides the Identity and Access Management framework (called SPA) that includes Real Time Risk Assessment, Segregation of Duties, Cryptographic fingerprinting of operations. PDMFC has experience in the Information Security-related area, manages several CSIRTs at national level (consultancy work), and develop Identity and Access Management Intelligence tools.

ICANN

NovaForensic

NovaForensic (legal name: Stability Bubble LDA) is a start-up from Portugal, founded by a former Law enforcement Agency crime investigator with a focus on the development of tools for Digital Forensics. Its tools are used by all LEA in Portugal to obtain relevant digital evidence for the crime (cyber-incident) under investigation. The NovaForensic objective is the evolution of digital forensic expertise through the adoption of the Forensic as a Service (FaaS) paradigm, which consists of the provision of forensic software in cloud computing enhanced by an artificial intelligence federated learning system.

European Cybersecurity Competence Centre and Network
Co-funded by the European Union

The project funded by the European Union under Grant Agreement No. 101128042 is supported by the European Cybersecurity Competence Centre. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.


Project details

  • Project number: 101128042
  • Call: DIGITAL-ECCC-2022-CYBER-03
  • Topic: DIGITAL-ECCC-2022-CYBER-03-UPTAKE-CYBERSOLUTIONS
  • Type of action: DIGITAL JU SME Support Actions
  • Project starting date: 1 October 2023
  • Project end date: 30 September 2026

Contact

  • Coordinating partner: KOR Labs
  • Email: threatchase@korlabs.io