Three Buddy Problem

The dark hole of 'friendlies' and Western APTs

May 30, 2025
The podcast dives into the complexities of cyber threat intelligence, spotlighting the controversial naming of actors like 'Void Blizzard' and the resulting confusion. It examines the significant role of initial-access brokers in nation-state breaches and critiques the decline of transparency in reporting Western APTs. The hosts discuss the potential of AI in identifying software vulnerabilities and its implications for cybersecurity professionals. They also highlight the necessary collaboration between the public and private sectors to tackle evolving threats.
INSIGHT

Threat Actor Naming Issues

  • Threat actor naming is inconsistent and can cause confusion in attribution.
  • Customers demand simple names, but these can distort the complex reality of cyber threat actors.
INSIGHT

APT Ops Fueled by Credential Brokers

  • Russian APTs increasingly buy credentials from initial-access brokers rather than using complex malware.
  • This efficiency and pragmatism redefine what advanced persistent threats entail today.
INSIGHT

Lack of Western APT Reporting

  • Western companies rarely publish reports exposing their own (friendly) APT operations.
  • This skews public understanding of cyber threat landscapes and the role of Western actors.