Jack Rhysider
Podcast Appearances
Was this financially motivated or politically motivated? This attribution wasn't exactly clear, and neither are the motives.
Do Lebanon and the Dominican Republic have any relations?
Hold on. How can the president of the Dominican Republic be from Lebanon? Let me look this up. Okay. His grandfather was born in Lebanon and moved to the Dominican Republic in the 1800s. It was not clear to me, at least, if he's still tied to Lebanon in any way, shape, or form. I mean, I couldn't even find out if he can speak Lebanese, you know?
But it seems like only weeks after he was elected as president is when this attack happened. So maybe this has something to do with Lebanon sending a message to the president. My mind is spinning here, and I don't want to make any wild assumptions.
At the very least, I'm reminded of how Costa Rica's president declared war on Conti, and now I can see that that's not so far-fetched of an idea anymore.
At this point, Omar had a very good understanding of this campaign and malware, and he even reverse-engineered some of the malware, inspected it for clues, and looked at their command and control servers, and had a full map of where the infections were and how they were moving around the network.
On top of that, vendors started to improve their systems, issuing patches and updates and better ways to detect this. So he got together with all the teams inside the agencies that were infected and explained the remediation process. Step by step, he walked them through how to remove this and stop this from happening again. And he also called the ISP to have them block certain domains.
And he was actively cleaning up the mess. Of course, any good threat actor is not going to go down without a fight. So while they'd block a domain or a command and control server, a new one would just spin up, and they had to keep blocking and updating their detection methods.
And you know the goal for security isn't always to stop all the threats permanently, but instead just to make it as hard as you can for the bad guys to get in. Because it takes work to spin up new domains. It takes work to pull out a new zero day, to infect more systems. And it takes work to regain access once you get kicked out.
So having this coordinated effort to shut them out started to exhaust the attacker's resources. And do they really want to put a lot more work and effort into getting back in? Or just move on to the next target?