
John Hultquist

@hultquist

Mandiant Intelligence at Google. CYBERWARCON and SLEUTHCON founder. Johns Hopkins professor. Army vet.

9,696 Followers · 309 Following · 220 Posts · Joined 04.05.2023

Latest posts by John Hultquist @hultquist

Expect Iran to Launch Cyber-Attacks Globally, Warns Google
John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more

Today I went to RUSI and @hultquist.bsky.social told me his thoughts about what to expect from Iranian cyber operations in the near future...

Essentially, while tactics won't suddenly change, he believes the attacks will have a much wider scope...

www.infosecurity-magazine.com/news/iran-cy...

02.03.2026 16:56 👍 8 🔁 6 💬 1 📌 1
Disrupting the GRIDTIDE Global Cyber Espionage Campaign | Google Cloud Blog
GTIG, Mandiant, and partners took action to disrupt a global espionage campaign from a suspected PRC-nexus cyber espionage group.

Huge props to Mandiant Threat Defense who were instrumental in unravelling this thing. More details in our blog: 2/x cloud.google.com/blog/topics/...

25.02.2026 15:06 👍 14 🔁 0 💬 0 📌 0

Google Threat Intelligence Group took down a massive, long-term intrusion campaign into global telcos and government. This PRC-nexus actor built a vast surveillance tool across 42 confirmed countries and another 20 suspected countries. 1/x

25.02.2026 15:06 👍 77 🔁 25 💬 3 📌 1

As for Russian intent, the recent incident in Poland is a stark reminder that the motivation is stronger than ever. I don’t think they are going to be bashful about deploying these capabilities, especially when they’re so easily deniable. 4/x

05.02.2026 13:01 👍 8 🔁 0 💬 0 📌 0

I’m most concerned about DDOS attacks, which have been en vogue lately with hacktivist groups with Russian government ties. DDOS attacks are generally temporary, but when timed right, they can be quite powerful. 3/x

05.02.2026 13:01 👍 3 🔁 0 💬 1 📌 0

The goal is to take some of the shine off the Games, and by extension its participants, and generally that’s best done by disrupting the complex and carefully orchestrated event. Attacks on critical infrastructure like transit are precedented. So are attacks on the broadcast. 2/x

05.02.2026 13:01 👍 2 🔁 0 💬 1 📌 0

The conditions are absolutely ripe for cyberattacks on the Winter Games. In addition to historic precedent like Sandworm’s attempted disruption of the Pyeongchang opening ceremonies, Russian sabotage and cyberattack in Europe right now is reaching fever pitch. 1/x

05.02.2026 13:01 👍 6 🔁 1 💬 1 📌 0
Notepad++ Hijacked by State-Sponsored Hackers | Notepad++

Notepad++ compromised in supply chain attack from June to December 2025 by “likely Chinese state-sponsored actor”. notepad-plus-plus.org/news/hijacke...

02.02.2026 11:50 👍 17 🔁 8 💬 1 📌 2

"The actor Poland has identified is notable for a lengthy history of digging into global critical infrastructure while holding back on actual attacks," @hultquist.bsky.social says. "If they have finally pulled the trigger, that would be a major departure from over a decade of restraint."

30.01.2026 19:06 👍 2 🔁 1 💬 0 📌 0

Perhaps most disconcerting is that if this is Berserk Bear/Dragonfly/Isotope/FSB, then they are now in play. Their ops were notable by the fact that they have not carried out an attack. Especially disconcerting considering the decade of quiet intrusions they have carried out. 3/x

30.01.2026 14:02 👍 5 🔁 0 💬 0 📌 0

Russian cyberattacks in Europe have been slowly ramping up, just like physical sabotage. They are boiling the frog, ratcheting up pressure while avoiding major blowback. There will be more incidents. I’m particularly concerned about the Winter Olympics. 2/x

30.01.2026 14:02 👍 2 🔁 0 💬 1 📌 0

Poland releases details on December’s cyberattack on their energy infrastructure, noting similarities to prior FSB activity. The wiper has been attributed by others to Sandworm (GRU). Attribution is definitely not super clear yet. 1/x cert.pl/uploads/docs...

30.01.2026 14:02 👍 9 🔁 4 💬 2 📌 0

Ready to put your analysis skills to the test? Join us on Nov 18 (pre-CYBERWARCON) for a Synapse challenge using a real-world scenario. There will be snacks and limited-edition challenge coins! vertex.link/events/cyber...

06.11.2025 18:13 👍 10 🔁 5 💬 0 📌 1

Meet our speaker: Kevin Hoganson! He leverages a broad skill set across cyber threat intelligence, digital forensics & incident response.

His talk highlights commercial spyware actors' cleanup of forensic artifacts which prevents meaningful analysis of mobile device infections.

www.cyberwarcon.com

30.10.2025 15:59 👍 6 🔁 1 💬 0 📌 0

Tickets are almost sold out. Nerds.

www.cyberwarcon.com

30.10.2025 15:36 👍 11 🔁 5 💬 1 📌 3

Meet our speaker Dlshad Othman!

He has fifteen+ years of experience in threat intelligence, and has built a career at the intersection of cybersecurity and geopolitics.

He will be joining David Magnotti for their talk "Ping First, Boom Second", which will focus on Iranian cyber threat groups.

24.10.2025 13:04 👍 10 🔁 4 💬 0 📌 0

If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.

23.10.2025 13:27 👍 25 🔁 23 💬 0 📌 0
AI-Powered Adversaries Require AI-Driven Defenses
OPINION — The use of artificial intelligence by adversaries has been the subject of exhaustive speculation. No one doubts that the technology will be abused by criminals and state actors, but it can b...

An opinion piece I wrote for Cipher Brief on the next wave of AI threats. The speed and scale of this activity will change the nature of cybersecurity. In order to compete with adversary use of this technology we must adopt it wholeheartedly into defense. www.thecipherbrief.com/ai-cyberatta...

22.10.2025 19:33 👍 11 🔁 7 💬 0 📌 0

Meet our speaker Caleb Marquis!

His work played a central role in the landmark indictment of North Korean hacker Rim Jong Hyok. He has received the FBI Medal of Excellence and the Department of Justice Attorney General Award for Distinguished Service.

22.10.2025 19:00 👍 3 🔁 2 💬 1 📌 0

We're excited to have Eric Kerr join us at CYBERWARCON! His talk, "From Hacker to Help Desk: The Surprising Story of a North Korean Cyber Operator", will cover the activities of Andariel, a North Korean hacking group that steals military & nuclear technology from US & South Korean defense networks.

22.10.2025 17:28 👍 5 🔁 2 💬 1 📌 0

We're proud to announce Ruarigh Thornton is joining us this year at CYBERWARCON! Head of Research and Disruption at PGI, with experience in threats including counter espionage, hostile state information operations + more. He has led 100+ digital investigations.

www.cyberwarcon.com

17.10.2025 14:49 👍 1 🔁 2 💬 0 📌 0

I won’t be at CYBERWARCON this year so I need someone to give @hultquist.bsky.social a hard time for me. I don’t yet know why he deserves this, but I’m sure a reason will present itself between now and then. The man never disappoints in the shenanigans and tomfoolery department.

08.10.2025 18:54 👍 5 🔁 1 💬 1 📌 0
Oil Into The Fire — CYBERWARCON

Have you ever wanted to see two terminally online nerds really (and I mean *really*) get into the SVR deep lore while continuing the eternal goal of making 2016 last forever?

Gosh does @cyberwarcon.bsky.social have a talk for you!

08.10.2025 18:09 👍 44 🔁 8 💬 2 📌 3

CYBERWARCON is gooooooooo! This year’s agenda is live! Thank you submitters.

08.10.2025 16:18 👍 13 🔁 5 💬 1 📌 0

Announcing this year's CYBERWARCON speaker lineup and agenda! We've got some fantastic talks this year, and more will be announced soon.

Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!

08.10.2025 16:08 👍 10 🔁 5 💬 0 📌 1

What's that?

www.cyberwarcon.com/oil-into-the...

08.10.2025 14:59 👍 20 🔁 5 💬 1 📌 2
Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign
Mandiant and Google have identified “Brickstorm,” a sophisticated, suspected China-linked hacking campaign targeting U.S. tech firms, legal organizations, and BPOs. The operation often goes undetected...

🚨🚨🚨 Google released a report on "Brickstorm" this morning — a next-level, suspected China-linked campaign targeting U.S. firms. Ultra-stealthy, 400+ day dwell times, focus on stealing IP, finding zero-days, and focused on long-term cyberespionage. cyberscoop.com/chinese-cybe...

24.09.2025 14:03 👍 68 🔁 48 💬 8 📌 1

We are expecting several organizations who use this tool and actively hunt for this threat will find that this actor has been active in their networks for some time.

24.09.2025 14:43 👍 25 🔁 6 💬 1 📌 1
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.

We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...

24.09.2025 14:31 👍 21 🔁 13 💬 0 📌 5