Sneak preview of my #cyberwarcon slides 👀

"You compile me. You had me at RomCom" - When cybercrime met espionage"

Get ready for a #CYBERWARCON talk full of romantic comedy memes!

www.cyberwarcon.com/you-compile-...

IMO: Storm-0875 (overlaps UNC3944/Scattered Spider) is the most dangerous financial threat actor right now

Some recent developments:
1. Now deploying ransomware (had been extorting orgs before)
2. In last few months targeting large/well known enterprises (not just telcos/help desk/crypto orgs)

Attribution update from MSTIC on MOVEit Transfer 0-day exploitation by Lace Tempest. Victims w/ data theft are likely to be extorted via the cl0p leak site in coming weeks

We’ve shared intel on dozens of exfil IP addresses used in attacks w/customers & industry partners