Jack Rhysider
And he was actively cleaning up the mess. Of course, any good threat actor is not going to go down without a fight. So while they'd block a domain or a command and control server, a new one would just spin up, and they had to keep blocking and updating their detection methods.
And you know the goal for security isn't always to stop all the threats permanently, but instead just to make it as hard as you can for the bad guys to get in. Because it takes work to spin up new domains. It takes work to pull out a new zero day, to infect more systems. And it takes work to regain access once you get kicked out.
So having this coordinated effort to shut them out started to exhaust the attacker's resources. And do they really want to put a lot more work and effort into getting back in? Or just move on to the next target?
There's a concept called the pyramid of pain when defending a network, and it's basically the more painful you can make it for the attackers to get in, the less likely they'll actually do it. You never will become fully secure, but at least you can make them work for it.
So after a massive coordinated effort to clean up the government agencies and a big bank and critical infrastructure, they were able to successfully clear everything off and keep it off. In fact, they seem to have stopped the Conti ransomware attack before it actually triggered ransomware on any systems. It was only staging the ransom, but never actually executed it.
Omar also looked to see if any data got exfiltrated from the network, but it didn't. So it doesn't seem like Russia or Dark Caracal stole any information out of the government. Did they disrupt critical infrastructure?
Yeah, to control a dam or a water pump or electrical transformer, it doesn't use like a typical Windows computer or something. It's a different system called OT, which is operational technology, as opposed to IT, information technology. And OT takes a completely different skill set.
And it sounds like whoever got into these systems didn't quite have the skill set to control OT systems, which was good that they didn't get disrupted. What a whirlwind story this was, huh? To have a government completely cracked open like that, with no way to stop the attackers, in my opinion at least, but then to gain back control of it and lock them out.
Omar likes sharing this story with others so that they can be aware that this kind of stuff goes on in the world. And in fact, as I'm looking things up here, it seems like Venezuela also got targeted with the same group or groups.
So in 2022, Latin American countries were hit hard with these huge coordinated attack campaigns that may have been unstoppable due to the sophistication and breadth of the attack. And I wonder if Haiti got hit, you know? The president of Haiti has been assassinated and the place has a barely functioning government and it's kind of been taken over by gangs.