Guest Joe Slowik joins us from Domain Tools to share their research “Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity” where they examined technical artifacts emerging around the 2020 conflict between Armenia and Azerbaijan in the Caucasus region.
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Based on precedent, analysts can identify developments in adversary operations and technical capabilities by tracking identifiers related to major events and conflict zones. Identifying capabilities deployed to take advantage of such items can yield insights into fundamental attacker tradecraft and behaviors, and enable defense and response for incidents which may strike far closer to home at a later date.
The research can be found here: