a man in a purple and black jacket with a ravens logo on the front ALT: a man in a purple and black jacket with a ravens logo on the front

Getting ready to read these @sleuthcon.bsky.social talk proposals! Last day sleuths! IT’S CRIME TIME!

The @SLEUTHCON CFP closes next week. Don’t waste valuable time doing your taxes. Submit! Submit! Submit!

The @SLEUTHCON CFP closes next week. Don’t waste valuable time doing your taxes. Submit! Submit! Submit!

UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering | Google Cloud Blog North Korean threat actors target the cryptocurrency industry using AI-enabled social engineering such as deepfakes, and ClickFix.

We are still looking at the axios supply chain compromise, but we’ve attributed it to UNC1069, a suspected DPRK actor, who we covered in a blog this February. They are financially-motivated and historically DPRK uses these incidents to target crypto. cloud.google.com/blog/topics/...

Get your tickets (and CFPs) now! This conference is always a great time and you learn a lot.

SLEUTHCON 2026 is coming! 🐍🐻🌲

Registration is open and our CFP is live!

We're back on June 5th, in-person in Arlington, VA and virtually. CFP closes April 17th + tickets will sell out!

sleuthcon.com

#SLEUTHCON #SLEUTHCON2026 #Cybercrime

Expect Iran to Launch Cyber-Attacks Globally, Warns Google John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more

Today I went to RUSI and @hultquist.bsky.social told me his thoughts about what to expect from Iranian cyber operations in the near future...

Essentially, while tactics won't suddenly change, he believes the attacks will have a much wider scope...

www.infosecurity-magazine.com/news/iran-cy...

Disrupting the GRIDTIDE Global Cyber Espionage Campaign | Google Cloud Blog GTIG, Mandiant, and partners took action to disrupt a global espionage campaign from a suspected PRC-nexus cyber espionage group.

Huge props to Mandiant Threat Defense who were instrumental in unravelling this thing. More details in our blog: 2/x cloud.google.com/blog/topics/...

Google Threat Intelligence Group took down a massive, longterm intrusion campaign into global telcos and government. This PRC-nexus actor built a vast surveillance tool across 42 confirmed countries and another 20 suspected countries. 1/x

As for Russian intent, the recent incident in Poland is a stark reminder that the motivation is stronger than ever. I don’t think they are going to be bashful about deploying these capabilities, especially when they’re so easily deniable. 4/x

I’m most concerned about DDOS attacks, which have been en vogue lately with hacktivist groups with Russian government ties. DDOS attacks are generally temporary, but when timed right, they can be quite powerful. 3/x

The goal is to take some of the shine off the Games, and by extension its participants, and generally that’s best done by disrupting the complex and carefully orchestrated event. Attacks on critical infrastructure like transit are precedented. So are attacks on the broadcast. 2/x

The conditions are absolutely ripe for cyberattacks on the Winter Games. In addition to historic precedent like Sandworm’s attempted disruption of the Pyeongchang opening ceremonies, Russian sabotage and cyberattack in Europe right now is reaching fever pitch. 1/x

Notepad++ compromised in supply chain attack from June to December 2025 by “likely Chinese state-sponsored actor”. notepad-plus-plus.org/news/hijacke...

"The actor Poland has identified is notable for a lengthy history of digging into global critical infrastructure while holding back on actual attacks," @hultquist.bsky.social says. "If they have finally pulled the trigger, that would be a major departure from over a decade of restraint."

Perhaps most disconcerting is that if this is Berserk Bear/Dragonfly/Isotope/FSB, then they are now in play. Their ops were notable by the fact that they have not carried out an attack. Especially disconcerting considering the decade of quiet intrusions they have carried out. 3/x

Russian cyberattacks in Europe have been slowly ramping up, just like physical sabotage. They are boiling the frog, ratcheting up pressure while avoiding major blowback. There will be more incidents. I’m particularly concerned about the Winter Olympics. 2/x

Poland releases details on December’s cyberattack on their energy infrastructure, noting similarities to prior FSB activity. The wiper has been attributed by others to Sandworm (GRU). Attribution is definitely not super clear yet. 1/x cert.pl/uploads/docs...

Ready to put your analysis skills to the test? Join us on Nov 18 (pre-CYBERWARCON) for a Synapse challenge using a real-world scenario. There will be snacks and limited-edition challenge coins! vertex.link/events/cyber...

Meet our speaker: Kevin Hoganson! He leverages a broad skill set across cyber threat intelligence, digital forensics & incident response.

His talk highlights commercial spyware actors' cleanup of forensic artifacts which prevents meaningful analysis of mobile device infections.

www.cyberwarcon.com

Tickets are almost sold out. Nerds.

www.cyberwarcon.com

Meet our speaker Dlshad Othman!

He has fifteen+ years of experience in threat intelligence, and has built a career at the intersection of cybersecurity and geopolitics.

He will be joining David Magnotti for their talk "Ping First, Boom Second", which will focus on Iranian cyber threat groups.

If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.

AI-Powered Adversaries Require AI-Driven Defenses OPINION — The use of artificial intelligence by adversaries has been the subject of exhaustive speculation. No one doubts that the technology will be abused by criminals and state actors, but it can b...

An opinion piece I wrote for Cipher Brief on the next wave of AI threats. The speed and scale of this activity will change the nature of cybersecurity. In order to compete with adversary use of this technology we must adopt it wholeheartedly into defense. www.thecipherbrief.com/ai-cyberatta...

Meet our speaker Caleb Marquis!

His work played a central role in the landmark indictment of North Korean hacker Rim Jong Hyok. He has received the FBI Medal of Excellence and the Department of Justice Attorney General Award for Distinguished Service.

We're excited to have Eric Kerr join us at CYBERWARCON! His talk, "From Hacker to Help Desk: The Surprising Story of a North Korean Cyber Operator", will cover the activities of Andariel, a North Korean hacking group that steals military & nuclear technology from US & South Korean defense networks.

We're proud to announce Ruarigh Thornton is joining us this year at CYBERWARCON! Head of Research and Disruption at PGI, with experience in threats including counter espionage, hostile state information operations + more. He has led 100+ digital investigations.

www.cyberwarcon.com

I won’t be at CYBERWARCON this year so I need someone to give @hultquist.bsky.social a hard time for me. I don’t yet know why he deserves this, but I’m sure a reason will present itself between now and then. The man never disappoints in the shenanigans and tomfoolery department.

Oil Into The Fire — CYBERWARCON

Have you ever wanted to see two terminally online nerds really (and I mean *really*) get into the SVR deep lore while continuing the eternal goal of making 2016 last forever?

Gosh does @cyberwarcon.bsky.social have a talk for you!