Interconnectedness & Attribution
My research is driven by a profound understanding that modern cybersecurity threats are rarely isolated technical incidents. Instead, they are deeply interwoven with global geopolitics, complex digital economies, and the motivations of diverse threat actors.
A critical area of my focus is the intricate, often opaque, interconnection between various types of threat actors, digital economies, and national interests. Digital markets, particularly those on the dark web, serve as vibrant hubs for the exchange of stolen data, exploit kits, and illicit services.
As a direct result, geopolitics not only drives adversarial hackers but often creates circumstances in which the goals and targets of national agencies align so closely with those of criminal groups and independent hackers that the effect is equivalent to orders and targets being shared.
01. Methodologies & Focus
OSINT & Digital Economy Mapping
Leveraging Open-Source Intelligence (OSINT) to map the intricate connections between dark web markets, cryptocurrency flows, and the broader global economic landscape.
- Techniques: Dark web crawling, crypto analysis, scraper development.
- Goals: Identifying key vendors, tracking exploit lifecycles.
Geopolitical Correlation
Correlating significant geopolitical events with observed cyberattack campaigns. This helps in understanding the strategic motivations behind attacks and potential state sponsorship.
- Techniques: Timeline analysis, malware clustering, intelligence synthesis.
- Goals: Building robust threat profiles, predicting targets.
Attribution & Evidence
Developing methodologies to strengthen attribution claims, linking seemingly independent cybercriminal activity to state-level objectives through code similarity and infrastructure overlap.
- Techniques: Code similarity, OpSec failure analysis, linguistic analysis.
- Goals: Probabilistic attribution frameworks, evidentiary linkage.
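One way to make the probabilistic attribution goal concrete, as an added example that is not the author's own framework or code: infrastructure overlap and code similarity are each scored with Jaccard similarity, mapped to a likelihood ratio, and combined with a prior in odds form. The indicator values, token streams, prior, `lr_infra`/`lr_code` ceilings and the score-to-ratio mapping are all constructed assumptions.

```python
from math import prod

def jaccard(a, b):
    """Jaccard similarity of two collections; 0.0 when both are empty."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if (a | b) else 0.0

def shingles(tokens, n=3):
    """Overlapping n-token windows: a crude stand-in for code-similarity features."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}

def likelihood_ratio(score, lr_max):
    """Assumed mapping: score 0 gives LR 1 (uninformative), score 1 gives lr_max."""
    return lr_max ** score

def posterior(prior, ratios):
    """Bayes in odds form; treats the evidence items as independent (an assumption)."""
    odds = prior / (1 - prior) * prod(ratios)
    return odds / (1 + odds)

def assess(a, b, prior=0.05, lr_infra=20.0, lr_code=50.0):
    """Score two activity clusters; prior and lr_* are illustrative, not calibrated."""
    infra = jaccard(a["infra"], b["infra"])
    code = jaccard(shingles(a["code"]), shingles(b["code"]))
    p = posterior(prior, [likelihood_ratio(infra, lr_infra),
                          likelihood_ratio(code, lr_code)])
    return {"infra_overlap": infra, "code_similarity": code, "p_same_operator": p}

# Constructed sample clusters (documentation IP ranges, made-up token streams).
CLUSTER_A = {"infra": {"192.0.2.10", "192.0.2.44", "c2.example.net", "cert:aa11"},
             "code": ["push", "mov", "xor", "loop", "call", "ret"]}
CLUSTER_B = {"infra": {"192.0.2.44", "c2.example.net", "cert:aa11", "198.51.100.7"},
             "code": ["push", "mov", "xor", "loop", "jmp", "ret"]}
CLUSTER_C = {"infra": {"203.0.113.9"}, "code": ["add", "sub", "cmp", "jne"]}

if __name__ == "__main__":
    print(assess(CLUSTER_A, CLUSTER_B))  # shared infrastructure and code features
    print(assess(CLUSTER_A, CLUSTER_C))  # no overlap: posterior stays at the prior
```

The output is a probability that depends on the chosen prior and ratios, so in practice those ratios would need calibrating against pairs of clusters whose relationship is already known.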