$3 BILLION: the (underestimated) profit of North Korea-based APTs' cyber operations over the past 5 years. Meet me at @SANSInstitute @NCSC #CyberThreat23 to talk about Black Alicanto (#TA444, #Bluenoroff) activity, TTPs, and place in the wider #DPRK cyber threat ecosystem! @SANSInstitute @NCSC I am very, very excited to cover #DPRK cyber ops, a topic that I've spent the past 5 years researching - how Black Alicanto (#TA444, #Bluenoroff, Sapphire Sleet) operates, and how it fits in with other DPRK- based APTs: Black Artemis/#Lazarus Group, #AppleJeus, #TraderTraitor.

#ICYMI, here's a #threatintel related🧵👇 by me on @USTreasury advisory on DPRK IT workers' attempts to obtain employment while posing as non-North Korean nationals: home.treasury.gov/system/files/1… (1/?) DPRK IT workers "engage in a wide range of IT dev work, such as: mobile & web-based apps, virtual currency exchange platforms & digital coins. Some
designed virtual currency exchanges or created analytic tools/apps for virtual currency traders & marketed their products." (2/?)

ICYMI, @PwC_UK’s 2020 #threatintel Year in Retrospect report is out now! All team contributed but h/t to @KystleM_Reid! :fire: You can check it out here: pwc.to/2ZPx7fo In this thread, I will summarise some of what I thought were key findings: 🧵👇 1/n #Ransomware has become the most significant cyber security threat faced by organisations, irrespective of industry/location. TTPs have pivoted to mass data exfiltration prior to encryption, along with leaks & extortion. S/o to @andyp346 for all your work countering this.🙏 2/n