0:08
S… Speaker 1 (2026-04-09 08-19-31)
In this video,
0:09
S… Speaker 1 (2026-04-09 08-19-31)
we'll talk about sector ISACs,
0:11
S… Speaker 2 (2026-04-09 08-19-31)
government partnerships,
0:12
S… Speaker 1 (2026-04-09 08-19-31)
and information sharing protocols.
0:14
S… Speaker 1 (2026-04-09 08-19-31)
These are the backbone of collaborative cyber defense.
0:17
S… Speaker 1 (2026-04-09 08-19-31)
We'll explore how ISACs originated,
0:20
S… Speaker 1 (2026-04-09 08-19-31)
how they operate behind the scenes,
0:22
S… Speaker 1 (2026-04-09 08-19-31)
and how government agencies partner with industry to protect critical infrastructure.
0:26
S… Speaker 1 (2026-04-09 08-19-31)
Then we'll break down the technical foundations of information sharing,
0:29
S… Speaker 1 (2026-04-09 08-19-31)
including STIX,
0:30
S… Speaker 1 (2026-04-09 08-19-31)
TAXII,
0:31
S… Speaker 1 (2026-04-09 08-19-31)
and TLP, and show how they come together in real-world tools like SIEMs,
0:35
S… Speaker 1 (2026-04-09 08-19-31)
TIPs,
0:36
S… Speaker 1 (2026-04-09 08-19-31)
and SOAR platforms.
0:38
S… Speaker 1 (2026-04-09 08-19-31)
Finally, we'll talk through real-world examples like SolarWinds and Colonial Pipeline.
0:41
S… Speaker 1 (2026-04-09 08-19-31)
This way,
0:43
S… Speaker 1 (2026-04-09 08-19-31)
we can see how coordination plays out when it matters most.
0:46
S… Speaker 1 (2026-04-09 08-19-31)
We'll finish with guidance so that you can apply this in your own environment.
0:49
S… Speaker 1 (2026-04-09 08-19-31)
Information Sharing and Analysis Centers,
0:51
S… Speaker 1 (2026-04-09 08-19-31)
or ISACs,
0:52
S… Speaker 1 (2026-04-09 08-19-31)
were created to help protect critical infrastructure through trusted sector-specific
0:57
S… Speaker 1 (2026-04-09 08-19-31)
collaboration.
0:57
S… Speaker 1 (2026-04-09 08-19-31)
They were originally established by a presidential decision directive
1:01
S… Speaker 1 (2026-04-09 08-19-31)
signed by Bill Clinton,
1:03
S… Speaker 1 (2026-04-09 08-19-31)
which called for greater public-private cooperation on cybersecurity and
1:07
S… Speaker 1 (2026-04-09 08-19-31)
infrastructure protection.
1:09
S… Speaker 1 (2026-04-09 08-19-31)
ISACs are typically non-profit,
1:11
S… Speaker 1 (2026-04-09 08-19-31)
member-driven organizations that are designed to enable threat sharing,
1:15
S… Speaker 1 (2026-04-09 08-19-31)
situational awareness,
1:16
S… Speaker 1 (2026-04-09 08-19-31)
and collective defense across key sectors.
1:18
S… Speaker 1 (2026-04-09 08-19-31)
Today,
1:19
S… Speaker 1 (2026-04-09 08-19-31)
nearly every major industry has one.
1:21
S… Speaker 1 (2026-04-09 08-19-31)
The Financial Services ISAC,
1:23
S… Speaker 1 (2026-04-09 08-19-31)
the Health ISAC,
1:24
S… Speaker 1 (2026-04-09 08-19-31)
the Energy ISAC,
1:26
S… Speaker 1 (2026-04-09 08-19-31)
the IT ISAC,
1:27
S… Speaker 1 (2026-04-09 08-19-31)
and the Auto ISAC.
1:28
S… Speaker 1 (2026-04-09 08-19-31)
There's even the MS-ISAC for U.S.
1:31
S… Speaker 1 (2026-04-09 08-19-31)
state and local governments,
1:32
S… Speaker 1 (2026-04-09 08-19-31)
and the Aviation ISAC for airlines and airports.
1:35
S… Speaker 1 (2026-04-09 08-19-31)
Each of these serves as a hub for information exchange and incident coordination within
1:39
S… Speaker 1 (2026-04-09 08-19-31)
each sector,
1:40
S… Speaker 1 (2026-04-09 08-19-31)
helping members stay ahead of emerging threats.
1:42
S… Speaker 1 (2026-04-09 08-19-31)
How do ISACs actually operate?
1:45
S… Speaker 1 (2026-04-09 08-19-31)
It all starts with threat data ingestion.
1:48
S… Speaker 1 (2026-04-09 08-19-31)
This can come from member organizations,
1:50
S… Speaker 2 (2026-04-09 08-19-31)
government partners,
1:51
S… Speaker 1 (2026-04-09 08-19-31)
open sources,
1:52
S… Speaker 1 (2026-04-09 08-19-31)
technical platforms,
1:53
S… Speaker 1 (2026-04-09 08-19-31)
and even real-time intelligence feeds.
1:56
S… Speaker 1 (2026-04-09 08-19-31)
From there the data is processed and enriched by ISAC analysts,
2:00
S… Speaker 1 (2026-04-09 08-19-31)
many of whom hold government clearances.
2:02
S… Speaker 1 (2026-04-09 08-19-31)
They add context,
2:04
S… Speaker 1 (2026-04-09 08-19-31)
validate sources,
2:05
S… Speaker 1 (2026-04-09 08-19-31)
and often correlate information across incidents or members.
2:08
S… Speaker 1 (2026-04-09 08-19-31)
Once the data is vetted,
2:11
S… Speaker 1 (2026-04-09 08-19-31)
that enriched intelligence is redistributed back to the members.
2:14
S… Speaker 1 (2026-04-09 08-19-31)
This comes in the forms of alerts,
2:16
S… Speaker 2 (2026-04-09 08-19-31)
reports,
2:17
S… Speaker 1 (2026-04-09 08-19-31)
bulletins,
2:17
S… Speaker 1 (2026-04-09 08-19-31)
and sometimes automated threat feeds.
2:20
S… Speaker 1 (2026-04-09 08-19-31)
The result is a two-way flow of information where members contribute intel and receive
2:24
S… Speaker 1 (2026-04-09 08-19-31)
actionable insights in return.
2:27
S… Speaker 1 (2026-04-09 08-19-31)
Government partnerships play a critical role in bridging public and private sectors
2:31
S… Speaker 1 (2026-04-09 08-19-31)
in cybersecurity.
2:31
S… Speaker 1 (2026-04-09 08-19-31)
These relationships allow for rapid sharing of both classified and
2:35
S… Speaker 1 (2026-04-09 08-19-31)
unclassified threat data.
2:37
S… Speaker 1 (2026-04-09 08-19-31)
It helps organizations stay ahead of evolving threats while improving national
2:41
S… Speaker 1 (2026-04-09 08-19-31)
cyber resilience.
2:42
S… Speaker 1 (2026-04-09 08-19-31)
It's not just about intelligence.
2:44
S… Speaker 1 (2026-04-09 08-19-31)
It's about mutual coordination during incidents,
2:47
S… Speaker 1 (2026-04-09 08-19-31)
supporting resilience and recovery efforts,
2:49
S… Speaker 1 (2026-04-09 08-19-31)
and aligning on best practices.
2:51
S… Speaker 1 (2026-04-09 08-19-31)
Some of the key federal players include CISA.
2:54
S… Speaker 1 (2026-04-09 08-19-31)
They're the lead civilian cybersecurity directorate.
2:57
S… Speaker 1 (2026-04-09 08-19-31)
Their main focus is nation-state threats.
3:00
S… Speaker 1 (2026-04-09 08-19-31)
With FBI InfraGard,
3:02
S… Speaker 1 (2026-04-09 08-19-31)
they connect private sector partners with federal investigators.
3:05
S… Speaker 1 (2026-04-09 08-19-31)
The Department of Defense and DC3 are used for defense sector intelligence.
3:09
S… Speaker 1 (2026-04-09 08-19-31)
There are other sector-specific agencies like the Department of Energy,
3:13
S… Speaker 1 (2026-04-09 08-19-31)
Health and Human Services,
3:15
S… Speaker 1 (2026-04-09 08-19-31)
the Department of Transportation,
3:17
S… Speaker 1 (2026-04-09 08-19-31)
and the Treasury.
3:18
S… Speaker 1 (2026-04-09 08-19-31)
We should also mention the Secret Service through its electronic crimes task forces and
3:22
S… Speaker 1 (2026-04-09 08-19-31)
cyber fraud task forces.
3:24
S… Speaker 1 (2026-04-09 08-19-31)
These partnerships help extend visibility,
3:26
S… Speaker 1 (2026-04-09 08-19-31)
speed up information flow,
3:28
S… Speaker 1 (2026-04-09 08-19-31)
and strengthen defense across critical infrastructure.
3:30
S… Speaker 1 (2026-04-09 08-19-31)
This slide shows how threat intelligence moves through a modern sharing
3:34
S… Speaker 1 (2026-04-09 08-19-31)
and integration pipeline.
3:35
S… Speaker 2 (2026-04-09 08-19-31)
First,
3:37
S… Speaker 1 (2026-04-09 08-19-31)
STIX-formatted data,
3:38
S… Speaker 1 (2026-04-09 08-19-31)
like this example indicator,
3:39
S… Speaker 1 (2026-04-09 08-19-31)
gets labeled with TLP metadata to control how widely it can be
3:43
S… Speaker 1 (2026-04-09 08-19-31)
distributed.
3:44
S… Speaker 1 (2026-04-09 08-19-31)
The STIX package is then transmitted via TAXII,
3:47
S… Speaker 1 (2026-04-09 08-19-31)
a trusted transport mechanism.
3:48
S… Speaker 1 (2026-04-09 08-19-31)
It goes from a TAXII server to a TAXII client and into your tooling environment.
3:53
S… Speaker 1 (2026-04-09 08-19-31)
This is often a SIEM like Splunk or Elastic.
3:56
S… Speaker 1 (2026-04-09 08-19-31)
This is where the real operational value kicks in.
3:59
S… Speaker 1 (2026-04-09 08-19-31)
That threat intel can now trigger detections,
4:02
S… Speaker 1 (2026-04-09 08-19-31)
enrich alerts,
4:03
S… Speaker 1 (2026-04-09 08-19-31)
or inform automated responses.
4:04
S… Speaker 1 (2026-04-09 08-19-31)
The same flow also feeds into threat intel platforms like MISP,
4:09
S… Speaker 2 (2026-04-09 08-19-31)
ThreatConnect,
4:10
S… Speaker 2 (2026-04-09 08-19-31)
or Anomali.
4:11
S… Speaker 1 (2026-04-09 08-19-31)
And it can also be used in SOAR platforms for orchestrated remediation.
4:15
S… Speaker 2 (2026-04-09 08-19-31)
In short,
4:16
S… Speaker 1 (2026-04-09 08-19-31)
you're getting trusted data that's delivered securely into tools that matter,
4:19
S… Speaker 2 (2026-04-09 08-19-31)
automatically.
4:21
S… Speaker 1 (2026-04-09 08-19-31)
Let's take a look at how these information-sharing protocols and partnerships come
4:25
S… Speaker 1 (2026-04-09 08-19-31)
together during real-world incidents.
4:27
S… Speaker 2 (2026-04-09 08-19-31)
First,
4:28
S… Speaker 1 (2026-04-09 08-19-31)
we'll talk about SolarWinds in 2020.
4:29
S… Speaker 1 (2026-04-09 08-19-31)
The NSA was one of the first to detect suspicious lateral
4:34
S… Speaker 1 (2026-04-09 08-19-31)
movement inside their networks.
4:35
S… Speaker 1 (2026-04-09 08-19-31)
Not long after this,
4:38
S… Speaker 1 (2026-04-09 08-19-31)
Microsoft and FireEye uncovered that this was part of a highly sophisticated supply
4:42
S… Speaker 1 (2026-04-09 08-19-31)
chain attack,
4:43
S… Speaker 1 (2026-04-09 08-19-31)
now known as Sunburst.
4:44
S… Speaker 1 (2026-04-09 08-19-31)
CISA stepped in to coordinate a government-wide response,
4:48
S… Speaker 1 (2026-04-09 08-19-31)
issuing alerts and mitigation strategies.
4:50
S… Speaker 2 (2026-04-09 08-19-31)
And more importantly,
4:52
S… Speaker 1 (2026-04-09 08-19-31)
STIX packages containing indicators of compromise were shared quickly
4:56
S… Speaker 1 (2026-04-09 08-19-31)
through TensorFlow for TAXII servers,
4:57
S… Speaker 1 (2026-04-09 08-19-31)
allowing security teams across sectors
5:00
S… Speaker 2 (2026-04-09 08-19-31)
to hunt for and detect malicious activity in their own environments.
5:03
S… Speaker 1 (2026-04-09 08-19-31)
Next,
5:04
S… Speaker 2 (2026-04-09 08-19-31)
we'll jump to 2021 with the Colonial Pipeline.
5:06
S… Speaker 2 (2026-04-09 08-19-31)
As ransomware hit a major energy provider,
5:09
S… Speaker 2 (2026-04-09 08-19-31)
the FS-ISAC rapidly distributed threat intelligence related
5:13
S… Speaker 2 (2026-04-09 08-19-31)
to DarkSide to financial institutions.
5:14
S… Speaker 2 (2026-04-09 08-19-31)
The MS-ISAC provided guidance directly to state,
5:18
S… Speaker 2 (2026-04-09 08-19-31)
local, tribal,
5:19
S… Speaker 2 (2026-04-09 08-19-31)
and territorial governments.
5:20
S… Speaker 2 (2026-04-09 08-19-31)
This is what we call SLTT agencies.
5:24
S… Speaker 1 (2026-04-09 08-19-31)
And again,
5:24
S… Speaker 2 (2026-04-09 08-19-31)
CISA and DHS played a central role,
5:27
S… Speaker 2 (2026-04-09 08-19-31)
organizing private briefings with utility providers to keep critical infrastructure
5:31
S… Speaker 2 (2026-04-09 08-19-31)
ahead of the threat.
5:32
S… Speaker 2 (2026-04-09 08-19-31)
These cases show the real value of structured intelligence sharing.
5:36
S… Speaker 2 (2026-04-09 08-19-31)
Whether it's by pushing STIX indicators through TAXII or flagging critical alerts
5:40
S… Speaker 2 (2026-04-09 08-19-31)
under the right TLP label,
5:41
S… Speaker 2 (2026-04-09 08-19-31)
the combination of public-private partnerships and automated tools helps
5:46
S… Speaker 2 (2026-04-09 08-19-31)
us to respond faster and smarter.
5:47
S… Speaker 2 (2026-04-09 08-19-31)
What should you do with all of this as an analyst?
5:50
S… Speaker 1 (2026-04-09 08-19-31)
First,
5:50
S… Speaker 2 (2026-04-09 08-19-31)
if you're able to,
5:51
S… Speaker 2 (2026-04-09 08-19-31)
join an ISAC that's relevant to your sector.
5:53
S… Speaker 2 (2026-04-09 08-19-31)
These organizations are the backbone of cross-sector intelligence sharing.
5:57
S… Speaker 1 (2026-04-09 08-19-31)
Secondly,
5:58
S… Speaker 2 (2026-04-09 08-19-31)
you don't want your information sharing to be manual.
6:00
S… Speaker 2 (2026-04-09 08-19-31)
Set up automated sharing pipelines using TAXII servers and STIX speeds things
6:04
S… Speaker 2 (2026-04-09 08-19-31)
up, especially if your team is short on time or staff.
6:07
S… Speaker 1 (2026-04-09 08-19-31)
Third,
6:08
S… Speaker 2 (2026-04-09 08-19-31)
configure your threat intel platforms to actively pull STIX data over TAXII
6:12
S… Speaker 2 (2026-04-09 08-19-31)
so your indicators are always fresh.
6:15
S… Speaker 1 (2026-04-09 08-19-31)
Fourth,
6:15
S… Speaker 2 (2026-04-09 08-19-31)
bring all that intel into your tools,
6:17
S… Speaker 2 (2026-04-09 08-19-31)
whether you're using Splunk,
6:19
S… Speaker 2 (2026-04-09 08-19-31)
Elastic,
6:19
S… Speaker 2 (2026-04-09 08-19-31)
or some other SIEM.
6:20
S… Speaker 2 (2026-04-09 08-19-31)
And make sure MISP or similar feeds are integrated into your detection pipelines.
6:25
S… Speaker 2 (2026-04-09 08-19-31)
And finally,
6:26
S… Speaker 2 (2026-04-09 08-19-31)
remember this isn't just about technology,
6:28
S… Speaker 2 (2026-04-09 08-19-31)
it's about people.
6:29
S… Speaker 2 (2026-04-09 08-19-31)
You want to build trust relationships and share intelligence when it matters.
6:32
S… Speaker 2 (2026-04-09 08-19-31)
The value of information increases the moment it's shared with somebody that
6:37
S… Speaker 2 (2026-04-09 08-19-31)
can meaningfully act on it.
6:38
S… Speaker 1 (2026-04-09 08-19-31)
In
6:48
S… Speaker 2 (2026-04-09 08-19-31)
this video, we're diving deep into two of the most impactful cyber operations of the past decade.
6:52
S… Speaker 2 (2026-04-09 08-19-31)
The SolarWinds supply chain compromise and the NotPetya attack.
6:56
S… Speaker 2 (2026-04-09 08-19-31)
We'll break down each incident through a cyber intelligence lens.
6:59
S… Speaker 2 (2026-04-09 08-19-31)
We'll look at the adversaries behind the attacks,
7:02
S… Speaker 2 (2026-04-09 08-19-31)
their tactics and techniques,
7:03
S… Speaker 2 (2026-04-09 08-19-31)
and how intelligence was applied at every level,
7:06
S… Speaker 2 (2026-04-09 08-19-31)
from raw indicators to national security strategy.
7:09
S… Speaker 2 (2026-04-09 08-19-31)
You'll see how attribution,
7:12
S… Speaker 2 (2026-04-09 08-19-31)
sharing, and collaboration played out in real time and also where
7:16
S… Speaker 1 (2026-04-09 08-19-31)
things went wrong.
7:17
S… Speaker 2 (2026-04-09 08-19-31)
Most importantly,
7:18
S… Speaker 2 (2026-04-09 08-19-31)
we'll extract the lessons that every analyst,
7:20
S… Speaker 2 (2026-04-09 08-19-31)
hunter, and defender should carry forward.
7:23
S… Speaker 2 (2026-04-09 08-19-31)
Let's jump into the real-world application of CTI and see what
7:27
S… Speaker 2 (2026-04-09 08-19-31)
it takes to turn information into action.
7:29
S… Speaker 2 (2026-04-09 08-19-31)
Let's start with the background.
7:30
S… Speaker 2 (2026-04-09 08-19-31)
The SolarWinds Orion platform is a widely used IT monitoring
7:34
S… Speaker 2 (2026-04-09 08-19-31)
and management tool.
7:36
S… Speaker 2 (2026-04-09 08-19-31)
It's trusted by over 30,000 organizations,
7:38
S… Speaker 2 (2026-04-09 08-19-31)
including multiple U.S.
7:40
S… Speaker 2 (2026-04-09 08-19-31)
federal agencies.
7:41
S… Speaker 2 (2026-04-09 08-19-31)
In December 2020,
7:44
S… Speaker 2 (2026-04-09 08-19-31)
FireEye discovered that they had been compromised not through a phishing email,
7:47
S… Speaker 2 (2026-04-09 08-19-31)
not through a brute force attack,
7:49
S… Speaker 2 (2026-04-09 08-19-31)
but through a supply chain backdoor that had been embedded in a legitimate Orion
7:53
S… Speaker 2 (2026-04-09 08-19-31)
software update.
7:54
S… Speaker 2 (2026-04-09 08-19-31)
This malware was later named Sunburst.
7:57
S… Speaker 2 (2026-04-09 08-19-31)
It had been quietly distributed to customers through trusted update channels.
8:01
S… Speaker 2 (2026-04-09 08-19-31)
The operation was eventually attributed to APT29,
8:05
S… Speaker 2 (2026-04-09 08-19-31)
also known as Cozy Bear.
8:07
S… Speaker 2 (2026-04-09 08-19-31)
Cozy Bear is a Russian state-sponsored threat group with
8:11
S… Speaker 2 (2026-04-09 08-19-31)
a history of cyber espionage targeting Western governments.
8:14
S… Speaker 2 (2026-04-09 08-19-31)
Here's how the attack unfolded.
8:16
S… Speaker 2 (2026-04-09 08-19-31)
It began in September 2019 when APT29 gained initial
8:20
S… Speaker 2 (2026-04-09 08-19-31)
access to the SolarWinds environment.
8:22
S… Speaker 2 (2026-04-09 08-19-31)
By March 2020,
8:23
S… Speaker 2 (2026-04-09 08-19-31)
they had successfully modified a legitimate Orion software update,
8:27
S… Speaker 2 (2026-04-09 08-19-31)
injecting the Sunburst backdoor into the supply chain.
8:30
S… Speaker 2 (2026-04-09 08-19-31)
This update was then digitally signed and distributed to thousands of SolarWinds
8:34
S… Speaker 1 (2026-04-09 08-19-31)
customers.
8:35
S… Speaker 2 (2026-04-09 08-19-31)
The campaign remained undetected for months until December
8:39
S… Speaker 2 (2026-04-09 08-19-31)
2020, when FireEye discovered the compromise during an internal investigation.
8:43
S… Speaker 2 (2026-04-09 08-19-31)
This led to a rapid series of public disclosures and coordinated incident
8:47
S… Speaker 2 (2026-04-09 08-19-31)
response efforts across government and private industries.
8:51
S… Speaker 2 (2026-04-09 08-19-31)
The actors behind the SolarWinds compromise were identified as APT29,
8:56
S… Speaker 2 (2026-04-09 08-19-31)
also known as Cozy Bear,
8:57
S… Speaker 2 (2026-04-09 08-19-31)
as mentioned before.
8:58
S… Speaker 2 (2026-04-09 08-19-31)
This group is linked to Russia's foreign intelligence service,
9:01
S… Speaker 2 (2026-04-09 08-19-31)
the SVR.
9:02
S… Speaker 2 (2026-04-09 08-19-31)
It's no stranger to high-profile espionage campaigns.
9:05
S… Speaker 2 (2026-04-09 08-19-31)
This threat group had also been previously tied to the 2016
9:09
S… Speaker 2 (2026-04-09 08-19-31)
breach of the Democratic National Committee and are well regarded,
9:13
S… Speaker 2 (2026-04-09 08-19-31)
unfortunately,
9:14
S… Speaker 2 (2026-04-09 08-19-31)
for their stealth,
9:15
S… Speaker 2 (2026-04-09 08-19-31)
patience, and operational discipline.
9:17
S… Speaker 2 (2026-04-09 08-19-31)
APT29 is known for maintaining long dwell times in victim environments.
9:22
S… Speaker 2 (2026-04-09 08-19-31)
They often go unnoticed for months.
9:24
S… Speaker 2 (2026-04-09 08-19-31)
Their campaigns typically prioritize intelligence collection over disruption,
9:27
S… Speaker 2 (2026-04-09 08-19-31)
and they often employ strong OPSEC to avoid detection and attribution.
9:31
S… Speaker 2 (2026-04-09 08-19-31)
Let's break down some of the TTPs APT29 used during the SolarWinds
9:36
S… Speaker 1 (2026-04-09 08-19-31)
compromise.
9:36
S… Speaker 2 (2026-04-09 08-19-31)
First and foremost,
9:38
S… Speaker 2 (2026-04-09 08-19-31)
this was a sophisticated supply chain attack.
9:42
S… Speaker 2 (2026-04-09 08-19-31)
APT29 compromised the build process of SolarWinds Orion software
9:46
S… Speaker 2 (2026-04-09 08-19-31)
to distribute a trojanized update.
9:48
S… Speaker 2 (2026-04-09 08-19-31)
This update was known as Sunburst,
9:50
S… Speaker 2 (2026-04-09 08-19-31)
and it was distributed to thousands of downstream victims.
9:53
S… Speaker 1 (2026-04-09 08-19-31)
Once inside,
9:55
S… Speaker 2 (2026-04-09 08-19-31)
they escalated using SAML token forgery,
9:58
S… Speaker 2 (2026-04-09 08-19-31)
allowing them to impersonate
10:00
S… Speaker 2 (2026-04-09 08-19-31)
privileged users and moved laterally across networks.
10:02
S… Speaker 2 (2026-04-09 08-19-31)
They made heavy use of Windows tools,
10:04
S… Speaker 2 (2026-04-09 08-19-31)
a hallmark of living off the land binaries or LOLBAS,
10:07
S… Speaker 2 (2026-04-09 08-19-31)
to blend in with legitimate activity and to reduce detection.
10:10
S… Speaker 2 (2026-04-09 08-19-31)
And for command and control,
10:12
S… Speaker 2 (2026-04-09 08-19-31)
they communicated over HTTPS,
10:14
S… Speaker 2 (2026-04-09 08-19-31)
disguising their traffic to look like normal web browsing.
10:17
S… Speaker 2 (2026-04-09 08-19-31)
This helped them to maintain persistence and evade monitoring tools.
10:20
S… Speaker 2 (2026-04-09 08-19-31)
Altogether,
10:21
S… Speaker 2 (2026-04-09 08-19-31)
these tactics demonstrate a highly advanced actor,
10:24
S… Speaker 2 (2026-04-09 08-19-31)
focused on stealth,
10:25
S… Speaker 2 (2026-04-09 08-19-31)
privilege escalation,
10:26
S… Speaker 2 (2026-04-09 08-19-31)
and intelligence collection.
10:28
S… Speaker 2 (2026-04-09 08-19-31)
Let's look at how the SolarWinds incident touches each level of threat intelligence.
10:33
S… Speaker 1 (2026-04-09 08-19-31)
At the strategic level,
10:34
S… Speaker 2 (2026-04-09 08-19-31)
this compromise had massive national security implications.
10:37
S… Speaker 2 (2026-04-09 08-19-31)
It raised concerns about vendor trust,
10:39
S… Speaker 2 (2026-04-09 08-19-31)
supply chain integrity,
10:40
S… Speaker 2 (2026-04-09 08-19-31)
and foreign espionage targeting government networks.
10:43
S… Speaker 2 (2026-04-09 08-19-31)
It impacted policy and investment in software assurance.
10:46
S… Speaker 1 (2026-04-09 08-19-31)
At the operational level,
10:48
S… Speaker 2 (2026-04-09 08-19-31)
analysts worked to identify and track command and control infrastructure using the
10:52
S… Speaker 1 (2026-04-09 08-19-31)
campaign.
10:53
S… Speaker 2 (2026-04-09 08-19-31)
This helped defenders disrupt communications and monitor for signs of activity.
10:57
S… Speaker 2 (2026-04-09 08-19-31)
On the tactical level,
10:58
S… Speaker 2 (2026-04-09 08-19-31)
we mapped observed behaviors and tools such as token forgery and LOLBAS usage
11:02
S… Speaker 2 (2026-04-09 08-19-31)
against the MITRE ATT&CK framework to better understand adversary tradecraft and
11:07
S… Speaker 2 (2026-04-09 08-19-31)
detection opportunities.
11:08
S… Speaker 2 (2026-04-09 08-19-31)
And finally,
11:09
S… Speaker 1 (2026-04-09 08-19-31)
at the technical level,
11:10
S… Speaker 2 (2026-04-09 08-19-31)
a wide range of indicators of compromise,
11:12
S… Speaker 2 (2026-04-09 08-19-31)
including file hashes,
11:14
S… Speaker 2 (2026-04-09 08-19-31)
malicious domains,
11:15
S… Speaker 2 (2026-04-09 08-19-31)
SSL cert fingerprints,
11:17
S… Speaker 2 (2026-04-09 08-19-31)
and IP addresses were shared and ingested into defensive tools for
11:21
S… Speaker 2 (2026-04-09 08-19-31)
alerting and blocking.
11:22
S… Speaker 2 (2026-04-09 08-19-31)
This case study shows how a single incident can generate actionable insights across
11:26
S… Speaker 2 (2026-04-09 08-19-31)
every level of intelligence,
11:28
S… Speaker 2 (2026-04-09 08-19-31)
from policy to packet.
11:29
S… Speaker 2 (2026-04-09 08-19-31)
The response to the SolarWinds attack is a textbook example of
11:33
S… Speaker 2 (2026-04-09 08-19-31)
CTI collaboration done right.
11:35
S… Speaker 2 (2026-04-09 08-19-31)
FireEye,
11:36
S… Speaker 2 (2026-04-09 08-19-31)
who first detected the intrusion,
11:38
S… Speaker 2 (2026-04-09 08-19-31)
coordinated with CISA,
11:39
S… Speaker 2 (2026-04-09 08-19-31)
Microsoft,
11:40
S… Speaker 2 (2026-04-09 08-19-31)
and Volexity.
11:41
S… Speaker 2 (2026-04-09 08-19-31)
These organizations pulled their files together,
11:43
S… Speaker 2 (2026-04-09 08-19-31)
combining endpoint forensics,
11:45
S… Speaker 2 (2026-04-09 08-19-31)
malware reverse engineering,
11:47
S… Speaker 2 (2026-04-09 08-19-31)
and infrastructure tracking.
11:48
S… Speaker 2 (2026-04-09 08-19-31)
Indicators of compromise and behavioral detections were shared in real-time using
11:53
S… Speaker 2 (2026-04-09 08-19-31)
STIX and TAXII formats,
11:54
S… Speaker 2 (2026-04-09 08-19-31)
and many were made publicly available via GitHub to help defenders rapidly
11:58
S… Speaker 1 (2026-04-09 08-19-31)
respond.
12:00
S… Speaker 2 (2026-04-09 08-19-31)
The Traffic Light Protocol also played a vital role in coordinating this effort,
12:04
S… Speaker 2 (2026-04-09 08-19-31)
starting with TLP Red high-trust discussions,
12:07
S… Speaker 2 (2026-04-09 08-19-31)
then expanding to TLP Amber for internal use,
12:10
S… Speaker 2 (2026-04-09 08-19-31)
and finally moving to TLP White,
12:12
S… Speaker 2 (2026-04-09 08-19-31)
allowing open public disclosure and defense.
12:15
S… Speaker 2 (2026-04-09 08-19-31)
This is a real-world demonstration of what can happen when
12:19
S… Speaker 2 (2026-04-09 08-19-31)
vendors, government agencies,
12:21
S… Speaker 2 (2026-04-09 08-19-31)
and researchers share intelligence at scale.
12:24
S… Speaker 2 (2026-04-09 08-19-31)
Intelligence that is coordinated,
12:25
S… Speaker 1 (2026-04-09 08-19-31)
structured,
12:26
S… Speaker 1 (2026-04-09 08-19-31)
and quickly shared.
12:27
S… Speaker 2 (2026-04-09 08-19-31)
The SolarWinds compromise left the cybersecurity community with several critical lessons.
12:32
S… Speaker 1 (2026-04-09 08-19-31)
First,
12:32
S… Speaker 2 (2026-04-09 08-19-31)
CTI must include vendor trust models.
12:35
S… Speaker 2 (2026-04-09 08-19-31)
Traditional threat intelligence often focuses on external actors,
12:39
S… Speaker 2 (2026-04-09 08-19-31)
but the case showed that the vendors can become threat vectors.
12:42
S… Speaker 2 (2026-04-09 08-19-31)
Supply chain risk must be a part of our threat modeling going
12:46
S… Speaker 1 (2026-04-09 08-19-31)
forward.
12:47
S… Speaker 1 (2026-04-09 08-19-31)
Second,
12:47
S… Speaker 2 (2026-04-09 08-19-31)
detection requires more than just malware signatures.
12:51
S… Speaker 2 (2026-04-09 08-19-31)
APT29 used native tools and legitimate channels to move through networks.
12:55
S… Speaker 2 (2026-04-09 08-19-31)
Without deep telemetry across authentication,
12:58
S… Speaker 2 (2026-04-09 08-19-31)
cloud,
12:59
S… Speaker 2 (2026-04-09 08-19-31)
and endpoint, this activity could have gone unnoticed for even longer.
13:02
S… Speaker 2 (2026-04-09 08-19-31)
And third,
13:03
S… Speaker 2 (2026-04-09 08-19-31)
attribution matters.
13:04
S… Speaker 2 (2026-04-09 08-19-31)
Linking the campaign to APT29 and the Russian SVR shaped
13:09
S… Speaker 1 (2026-04-09 08-19-31)
how the U.S.
13:10
S… Speaker 2 (2026-04-09 08-19-31)
government and private sector responded.
13:12
S… Speaker 2 (2026-04-09 08-19-31)
It influenced sanctions,
13:14
S… Speaker 2 (2026-04-09 08-19-31)
diplomatic posture,
13:15
S… Speaker 2 (2026-04-09 08-19-31)
and public trust.
13:15
S… Speaker 1 (2026-04-09 08-19-31)
The takeaway?
13:17
S… Speaker 2 (2026-04-09 08-19-31)
Threat intelligence isn't just about indicators.
13:19
S… Speaker 2 (2026-04-09 08-19-31)
It's about context,
13:20
S… Speaker 2 (2026-04-09 08-19-31)
relationships,
13:21
S… Speaker 2 (2026-04-09 08-19-31)
and oftentimes consequences.
13:23
S… Speaker 2 (2026-04-09 08-19-31)
Our second case study takes us to June 2017,
13:27
S… Speaker 2 (2026-04-09 08-19-31)
when a global cyber attack at first glance looked just like a ransomware
13:31
S… Speaker 1 (2026-04-09 08-19-31)
campaign.
13:31
S… Speaker 2 (2026-04-09 08-19-31)
The attack primarily targeted Ukrainian organizations leveraging
13:35
S… Speaker 2 (2026-04-09 08-19-31)
a software supply chain compromise via M.E.Doc,
13:38
S… Speaker 2 (2026-04-09 08-19-31)
a popular tax accounting platform.
13:40
S… Speaker 2 (2026-04-09 08-19-31)
Victims were presented with a familiar ransom demand.
13:43
S… Speaker 2 (2026-04-09 08-19-31)
Send us your Bitcoin to recover your files.
13:47
S… Speaker 1 (2026-04-09 08-19-31)
But as researchers quickly discovered,
13:49
S… Speaker 2 (2026-04-09 08-19-31)
the encryption keys were non-functional.
13:51
S… Speaker 2 (2026-04-09 08-19-31)
There was no way to try to decrypt the data.
13:53
S… Speaker 2 (2026-04-09 08-19-31)
This wasn't ransomware for financial gain.
13:56
S… Speaker 2 (2026-04-09 08-19-31)
It was a wiper masquerading as ransomware to cause confusion and disruption.
14:00
S… Speaker 2 (2026-04-09 08-19-31)
And the damage didn't stop in Ukraine.
14:02
S… Speaker 2 (2026-04-09 08-19-31)
Multinational corporations were impacted worldwide,
14:05
S… Speaker 2 (2026-04-09 08-19-31)
causing billions of dollars in damage.
14:08
S… Speaker 2 (2026-04-09 08-19-31)
NotPetya redefined how we think about ransomware as a weapon,
14:11
S… Speaker 2 (2026-04-09 08-19-31)
not just a business model.
14:13
S… Speaker 2 (2026-04-09 08-19-31)
Let's take a look at what made the NotPetya attack so unique and so devastating.
14:17
S… Speaker 1 (2026-04-09 08-19-31)
First,
14:18
S… Speaker 2 (2026-04-09 08-19-31)
it wasn't true ransomware.
14:19
S… Speaker 2 (2026-04-09 08-19-31)
Despite displaying a ransom message,
14:21
S… Speaker 2 (2026-04-09 08-19-31)
the malware acted as a wiper,
14:23
S… Speaker 2 (2026-04-09 08-19-31)
intentionally destroying data with no way to recover it.
14:26
S… Speaker 2 (2026-04-09 08-19-31)
It leveraged two powerful NSA-leaked exploits,
14:30
S… Speaker 2 (2026-04-09 08-19-31)
EternalBlue and EternalRomance.
14:32
S… Speaker 2 (2026-04-09 08-19-31)
These targeted vulnerabilities in SMB protocols and rapidly spread across
14:36
S… Speaker 1 (2026-04-09 08-19-31)
networks.
14:38
S… Speaker 2 (2026-04-09 08-19-31)
Once inside,
14:39
S… Speaker 2 (2026-04-09 08-19-31)
it used Mimikatz to harvest credentials from memory,
14:41
S… Speaker 2 (2026-04-09 08-19-31)
gaining access and expanding control.
14:43
S… Speaker 2 (2026-04-09 08-19-31)
For lateral movement,
14:45
S… Speaker 2 (2026-04-09 08-19-31)
it also used PsExec,
14:47
S… Speaker 2 (2026-04-09 08-19-31)
a legitimate Windows tool to propagate across systems with the harvested credentials.
14:50
S… Speaker 2 (2026-04-09 08-19-31)
The combination of nation-state-grade exploits and legitimate admin tools made
14:55
S… Speaker 2 (2026-04-09 08-19-31)
NotPetya fast,
14:56
S… Speaker 1 (2026-04-09 08-19-31)
destructive,
14:56
S… Speaker 2 (2026-04-09 08-19-31)
and incredibly difficult to contain.
15:00
S… Speaker 1 (2026-04-09 08-19-31)
Attribution for NotPetya didn't come instantly.
15:02
S… Speaker 1 (2026-04-09 08-19-31)
It unfolded over time as investigators were able to connect the dots.
15:05
S… Speaker 2 (2026-04-09 08-19-31)
Initially,
15:06
S… Speaker 1 (2026-04-09 08-19-31)
there was a lot of confusion.
15:08
S… Speaker 1 (2026-04-09 08-19-31)
It looked like just another ransomware attack,
15:10
S… Speaker 1 (2026-04-09 08-19-31)
but a very aggressive one.
15:11
S… Speaker 1 (2026-04-09 08-19-31)
Researchers dug deeper.
15:13
S… Speaker 1 (2026-04-09 08-19-31)
They found no functional decryption mechanism and noticed that it was highly
15:17
S… Speaker 1 (2026-04-09 08-19-31)
targeted toward Ukraine.
15:19
S… Speaker 1 (2026-04-09 08-19-31)
Over the following weeks,
15:20
S… Speaker 1 (2026-04-09 08-19-31)
more indicators emerged.
15:21
S… Speaker 1 (2026-04-09 08-19-31)
Shared infrastructure,
15:22
S… Speaker 1 (2026-04-09 08-19-31)
malware similarities,
15:23
S… Speaker 1 (2026-04-09 08-19-31)
and geopolitical context.
15:25
S… Speaker 1 (2026-04-09 08-19-31)
All pointing away from cybercrime and toward state-backed activity.
15:30
S… Speaker 1 (2026-04-09 08-19-31)
Eventually, multiple governments and security firms attributed the attack to the Russian GRU,
15:34
S… Speaker 1 (2026-04-09 08-19-31)
specifically APT28,
15:35
S… Speaker 1 (2026-04-09 08-19-31)
also known as Sandworm.
15:37
S… Speaker 1 (2026-04-09 08-19-31)
The motive behind all this was likely to destabilize Ukraine,
15:40
S… Speaker 1 (2026-04-09 08-19-31)
disrupt its financial systems,
15:42
S… Speaker 1 (2026-04-09 08-19-31)
and send a message of capability and intent,
15:44
S… Speaker 1 (2026-04-09 08-19-31)
while causing collateral economic damage worldwide.
15:49
S… Speaker 1 (2026-04-09 08-19-31)
NotPetya blurred the line between cybercrime and cyberwarfare,
15:52
S… Speaker 1 (2026-04-09 08-19-31)
and the attribution process highlighted the importance of contextual and
15:56
S… Speaker 1 (2026-04-09 08-19-31)
multi-sourced intelligence.
15:57
S… Speaker 1 (2026-04-09 08-19-31)
NotPetya also exposed some key intelligence missteps,
16:00
S… Speaker 1 (2026-04-09 08-19-31)
highlighting what can go wrong when assumptions go unchallenged.
16:03
S… Speaker 2 (2026-04-09 08-19-31)
First,
16:05
S… Speaker 1 (2026-04-09 08-19-31)
the malware was initially classified as ransomware.
16:08
S… Speaker 1 (2026-04-09 08-19-31)
This led many defenders to treat it as a typical financial crime rather
16:12
S… Speaker 1 (2026-04-09 08-19-31)
than an act of cyber sabotage.
16:14
S… Speaker 1 (2026-04-09 08-19-31)
This delayed the correct strategic and operational response.
16:17
S… Speaker 2 (2026-04-09 08-19-31)
Second,
16:18
S… Speaker 1 (2026-04-09 08-19-31)
there was a lack of immediate cross-sector sharing.
16:20
S… Speaker 1 (2026-04-09 08-19-31)
Many companies learned about the threat only after they were infected.
16:24
S… Speaker 2 (2026-04-09 08-19-31)
Earlier,
16:25
S… Speaker 1 (2026-04-09 08-19-31)
collaboration between sectors and nations could have helped contain the spread.
16:29
S… Speaker 1 (2026-04-09 08-19-31)
And finally,
16:30
S… Speaker 1 (2026-04-09 08-19-31)
there was an overemphasis on the malware itself,
16:32
S… Speaker 1 (2026-04-09 08-19-31)
on the payload,
16:33
S… Speaker 2 (2026-04-09 08-19-31)
the code,
16:34
S… Speaker 2 (2026-04-09 08-19-31)
and the indicators.
16:35
S… Speaker 1 (2026-04-09 08-19-31)
That technical focus led to a missed opportunity to identify a broader strategic
16:40
S… Speaker 1 (2026-04-09 08-19-31)
intent of geopolitical disruption.
16:42
S… Speaker 1 (2026-04-09 08-19-31)
Effective cyber threat intelligence must go beyond IOCs and code.
16:46
S… Speaker 1 (2026-04-09 08-19-31)
It must consider intent,
16:48
S… Speaker 2 (2026-04-09 08-19-31)
timing,
16:49
S… Speaker 1 (2026-04-09 08-19-31)
and who's going to benefit.
16:50
S… Speaker 1 (2026-04-09 08-19-31)
That's how you turn data into true intelligence.
16:53
S… Speaker 1 (2026-04-09 08-19-31)
Now let's break down how CTI was,
16:55
S… Speaker 1 (2026-04-09 08-19-31)
or more importantly,
16:56
S… Speaker 1 (2026-04-09 08-19-31)
how it should have been applied at every level during the NotPetya attack.
17:00
S… Speaker 1 (2026-04-09 08-19-31)
At the strategic level,
17:01
S… Speaker 1 (2026-04-09 08-19-31)
the incident highlighted the growing use of cyber warfare by nation-states,
17:04
S… Speaker 1 (2026-04-09 08-19-31)
specifically Russia's GRU.
17:07
S… Speaker 1 (2026-04-09 08-19-31)
It also highlighted the need for national policies around deterrence,
17:11
S… Speaker 1 (2026-04-09 08-19-31)
resilience,
17:11
S… Speaker 1 (2026-04-09 08-19-31)
and critical infrastructure protection.
17:13
S… Speaker 1 (2026-04-09 08-19-31)
At the operational level,
17:15
S… Speaker 1 (2026-04-09 08-19-31)
defenders needed to assess the impact across sectors and geographies,
17:18
S… Speaker 1 (2026-04-09 08-19-31)
especially as the infection spilled from the Ukraine to global corporations
17:22
S… Speaker 1 (2026-04-09 08-19-31)
like Maersk and Merck.
17:24
S… Speaker 1 (2026-04-09 08-19-31)
The tactical level involved understanding the attack's methods,
17:27
S… Speaker 1 (2026-04-09 08-19-31)
the use of EternalBlue,
17:29
S… Speaker 2 (2026-04-09 08-19-31)
Mimikatz,
17:30
S… Speaker 2 (2026-04-09 08-19-31)
and PsExec,
17:31
S… Speaker 1 (2026-04-09 08-19-31)
and how it moved laterally with speed and stealth.
17:34
S… Speaker 1 (2026-04-09 08-19-31)
And at the technical level,
17:36
S… Speaker 1 (2026-04-09 08-19-31)
teams needed to identify and distribute IOCs,
17:38
S… Speaker 1 (2026-04-09 08-19-31)
hashes,
17:39
S… Speaker 1 (2026-04-09 08-19-31)
IPs,
17:40
S… Speaker 1 (2026-04-09 08-19-31)
and YARA rules to detect and contain the malware as quickly as possible.
17:44
S… Speaker 1 (2026-04-09 08-19-31)
When applied across all four levels,
17:46
S… Speaker 1 (2026-04-09 08-19-31)
CTI becomes a powerful tool,
17:47
S… Speaker 1 (2026-04-09 08-19-31)
not just for understanding the attack,
17:49
S… Speaker 1 (2026-04-09 08-19-31)
but stopping the next one.
17:51
S… Speaker 1 (2026-04-09 08-19-31)
NotPetya didn't just affect Ukrainian targets.
17:54
S… Speaker 1 (2026-04-09 08-19-31)
It had a massive ripple effect across the entire globe.
17:57
S… Speaker 1 (2026-04-09 08-19-31)
Major companies like Maersk,
17:59
S… Speaker 1 (2026-04-09 08-19-31)
FedEx's TNT Express,
18:00
S… Speaker 2 (2026-04-09 08-19-31)
Merck,
18:01
S… Speaker 1 (2026-04-09 08-19-31)
and St.
18:02
S… Speaker 1 (2026-04-09 08-19-31)
Gobain were hit hard.
18:03
S… Speaker 1 (2026-04-09 08-19-31)
Their operations were paralyzed,
18:05
S… Speaker 1 (2026-04-09 08-19-31)
shipping lanes were stopped,
18:06
S… Speaker 1 (2026-04-09 08-19-31)
production was halted,
18:07
S… Speaker 1 (2026-04-09 08-19-31)
and logistics chains were broken.
18:09
S… Speaker 1 (2026-04-09 08-19-31)
The total estimated damages for the NotPetya attack were about 10 billion
18:13
S… Speaker 2 (2026-04-09 08-19-31)
worldwide.
18:14
S… Speaker 1 (2026-04-09 08-19-31)
One of the most remarkable stories came from Maersk.
18:17
S… Speaker 1 (2026-04-09 08-19-31)
The company's entire Active Directory infrastructure was wiped out
18:21
S… Speaker 1 (2026-04-09 08-19-31)
completely across hundreds of offices and thousands of endpoints.
18:25
S… Speaker 2 (2026-04-09 08-19-31)
However,
18:26
S… Speaker 1 (2026-04-09 08-19-31)
they managed to rebuild everything from a single surviving domain controller that was located
18:30
S… Speaker 1 (2026-04-09 08-19-31)
in Ghana.
18:31
S… Speaker 1 (2026-04-09 08-19-31)
It had been offline during the attack due to a power outage.
18:34
S… Speaker 1 (2026-04-09 08-19-31)
This case is a stark reminder of the collateral damage that
18:38
S… Speaker 1 (2026-04-09 08-19-31)
state-backed cyber operations can cause,
18:40
S… Speaker 1 (2026-04-09 08-19-31)
even when the intended target is someone else.
18:43
S… Speaker 1 (2026-04-09 08-19-31)
NotPetya taught the cybersecurity community some hard,
18:46
S… Speaker 1 (2026-04-09 08-19-31)
valuable lessons.
18:47
S… Speaker 2 (2026-04-09 08-19-31)
First,
18:48
S… Speaker 1 (2026-04-09 08-19-31)
attribution isn't just about who did it.
18:50
S… Speaker 1 (2026-04-09 08-19-31)
It's about understanding the intent.
18:52
S… Speaker 1 (2026-04-09 08-19-31)
Why was the attack launched?
18:54
S… Speaker 1 (2026-04-09 08-19-31)
What was their strategic objective?
18:57
S… Speaker 1 (2026-04-09 08-19-31)
The framing is critical for both defense and policy response.
19:00
S… Speaker 2 (2026-04-09 08-19-31)
Second,
19:01
S… Speaker 1 (2026-04-09 08-19-31)
threat intelligence teams must constantly reassess the why behind the attack.
19:05
S… Speaker 1 (2026-04-09 08-19-31)
Early assessments pegged NotPetya as ransomware.
19:08
S… Speaker 1 (2026-04-09 08-19-31)
But the true motive,
19:09
S… Speaker 1 (2026-04-09 08-19-31)
disruption and destabilization,
19:11
S… Speaker 1 (2026-04-09 08-19-31)
only became clearer with more broad analysis.
19:14
S… Speaker 1 (2026-04-09 08-19-31)
And finally,
19:15
S… Speaker 1 (2026-04-09 08-19-31)
strategic and operational intelligence can't lag behind those technical indicators.
19:19
S… Speaker 1 (2026-04-09 08-19-31)
While IOCs and malware signatures are important,
19:22
S… Speaker 1 (2026-04-09 08-19-31)
they're not enough.
19:24
S… Speaker 1 (2026-04-09 08-19-31)
Defenders need timely,
19:25
S… Speaker 1 (2026-04-09 08-19-31)
contextual intelligence to shape effective response and risk decisions.
19:29
S… Speaker 1 (2026-04-09 08-19-31)
Real CTI connects the dots across indicators,
19:33
S… Speaker 1 (2026-04-09 08-19-31)
behaviors,
19:33
S… Speaker 1 (2026-04-09 08-19-31)
motivations,
19:34
S… Speaker 2 (2026-04-09 08-19-31)
and impacts.
19:35
S… Speaker 1 (2026-04-09 08-19-31)
Let's wrap this up with a few key takeaways that not only apply to these cases,
19:39
S… Speaker 1 (2026-04-09 08-19-31)
but to cyber threat intelligence as a whole.
19:41
S… Speaker 2 (2026-04-09 08-19-31)
First,
19:42
S… Speaker 1 (2026-04-09 08-19-31)
CTI is dynamic.
19:44
S… Speaker 1 (2026-04-09 08-19-31)
It can't be static or reactive.
19:45
S… Speaker 1 (2026-04-09 08-19-31)
It must evolve with adversaries,
19:47
S… Speaker 1 (2026-04-09 08-19-31)
adapting to their changing tactics,
19:49
S… Speaker 1 (2026-04-09 08-19-31)
tools, and motivations.

This transcript was generated by artificial intelligence (speech recognition technology). It may contain errors; for anything important, check it against the original audio.
