CTI @wizsecurity.bsky.social
Adjunct at @jhu.edu - SAIS
Nonresident Fellow at @atlanticcouncil.bsky.social - Cyber Statecraft
Previously NSC44, Mandiant, Google
Go Mammoths
This is nothing short of a bombshell. One of the most trusted media groups in Indonesia has released a report on Russian and Chinese influence operations in Indonesian social media, which blamed local protests on deliberate U.S. meddling. 🧵
1/
Amherst/Wesleyan/Williams
New from me and the @wizsecurity.bsky.social CIRT team. A novel suspected DPRK crypto targeting cluster. Their tactics are familiar (compromise via supply chain, job interviews) but their malware and infrastructure are different.
www.wiz.io/blog/threat-...
New TeamPCP operation targeting Durable Task SDK for Python via PyPI.
www.wiz.io/blog/durable...
I laundered my Amherst College contribution through the only 5-college team on the list (UMASS), but I had to do my part.
#GoMammoths
@edsbs.bsky.social @newap-georgia.bsky.social @hollyanderson.bsky.social
Russia and China consider new steps to expand their digital cooperation including on software development and satellite Internet and declare adherence to cyber norms. In this post, I review the relevant sections of the recent joint statement from Beijing
fromcyberia.substack.com/p/putin-and-...
Threat actor, JINX-0164, uses LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target crypto organizations.
After this week's GitHub breach, we checked in on hacker group TeamPCP's victim count: their supply chain attacks have tainted more than 500 pieces of software (a thousand-plus different versions) and breached hundreds of companies. This is out of control.
www.wired.com/story/teampc...
Shame on the government of Zambia for buckling under Chinese government pressure over Taiwan and canceling this year’s @rightscon.org. www.rightscon.org/rc26-stateme...
Why do some states routinely target civilian systems and commit operational errors, risking escalation, while others pursue highly restrained and carefully calibrated cyber operations, investing enormous amounts of time and resource?
www.tandfonline.com/doi/full/10....
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Our official statement to the digital rights community about why RightsCon 2026 will not take place in Zambia
www.rightscon.org
The question of how states make operational decisions in cyber conflict is under-theorised. Much of existing scholarship has answered it within general frameworks of materialist and rationalist the...
Lotus Wiper was likely used to attack PDVSA
One important thing that the Kaspersky report omits is that pdvsa[.]com is hardcoded into OhSyncNow.bat, a file that triggers the wiping operation (HT @benread.bsky.social). This is used to limit the attack to the specified domain
1/11
The English version of the investigative report:
interaktif.tempo.co/proyek/opera...
Oleg Shakirov
interaktif.tempo.co
A number of Russia supporters accused the late-August 2025 demonstrations of being funded by the United States. The narrative was amplified by domestic actors. This report is part of the Indo-Pacific ...
Kaspersky discovered a new wiper uploaded from Venezuela in mid-December. The campaign likely targeted utilities and energy sector
Evidence suggests it was months in the making
There are no explicit links to previously reported incidents in Venezuela
securelist.com/tr/lotus-wip...
Yenni Kwok
Oleg Shakirov
A joint investigation by Tempo, Kompas, Suara, Tribunnews & Drone Emprit found pro-China & pro-Russian foreign influencers & media were involved in spreading conspiracy theories about anti-government protests in Indonesia in August 2025, primarily on X.
interaktif.tempo.co/proyek/opera...
interaktif.tempo.co
A number of Russia supporters accused the late-August 2025 demonstrations of being funded by the United States. Amplified by domestic actors. This report is part of the Indo-Pacific Media Resilience program that ...