Cybersecurity Reading List - Week of 2026-03-02

Published on: March 2, 2026

I’ve never touched a motor before in my life. 

This is about cybersecurity, I promise. Bear with me a minute. 

The ground outside the DTI Boston Satellite Office (my living room) is thick with snow. We had it easy through most of January, and then multiple blizzards. And after the first one, a piece of ice lodged in the auger of my snowblower, and the impeller belt ripped itself apart. 

Deciding I could replace the belt myself involved a bit of hubris, in retrospect. Because as noted, I’ve never touched a motor of any type before in my life. So it should not have been a surprise when I found myself sweating over the guts of my snowblower on a Thursday night trying to force the belt into place. 

It didn’t help that my machine included a third wheel of sorts, a tensioner that didn’t exist in any manual or online video about replacing the impeller belt in my exact model. But a life of spreadsheets and threat hunting did not prepare me for motor mechanics, oddly enough. 

So I reached out. Because I didn’t know, and while I tried to brute force it, and research it, nothing worked. I tried to bribe the belt into place, and threaten it, and cajole it. None of this resulted in the least amount of progress, and so I asked for help. 

There’s still a stigma in admitting you don’t know something in infosec; “information” is in the name, after all. And the sentence “I don’t know” is treated as a failure. But what we need to do is treat it as a starting point instead; “I don’t know, yet.”

I articulated the problem and showed my work. A few minutes later came a reply: “Oh. So. What you need to do is…” 

And a few minutes later the snowblower was running like new. 

Be the person that reaches out for help when you need it, and show this industry that’s okay. But also be the person that answers when you can, to show each other we’re not alone. 

Articles

Almost feel like I need to add an extra section just for Google Threat Intelligence Group - they’ve spent the past few weeks putting out piece after piece of great intel. As always, grateful for folks sharing like this. 

GTIG - UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering - DPRK, cryptocurrency, generic domains and targeted subdomains. What’s not to love?

GTIG - GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use - There are some perverse incentives in the AI offsec reporting space, but very worth keeping updated on the bits of hard evidence out there. 

GTIG - Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign - Actual disruption in the wild. Whether our disruption tactics overall are effective or not - that’s a bigger question, and needs to be talked about more. 

GTIG - Beyond the Battlefield: Threats to the Defense Industrial Base - Good review for analysts, good intro section for execs, if this area matters to you. 

Lots of other good reading out there this month, though, too:

Infoblox Threat Intel - Compromised Routers, DNS, and a TDS Hidden in Aeza Networks - One of the best DNS investigation posts I’ve ever read, and I’ve read a lot of them. Infoblox TI not only provides the results of their research, but shows in-depth steps on how to recreate it by eliciting responses from secretive recursive servers, for example. 

The Record - Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure - Thinking about this one in the context of Joe Slowik’s CYBERWARCON talk, which doesn’t seem to be online unfortunately. If you’re not following Joe yet, maybe start. 

Gitlab Threat Intelligence - GitLab Threat Intelligence Team reveals North Korean tradecraft - Excellent deep dive into both the fraudulent enterprise IT worker threat and the Contagious Interview campaign, the latter of which targets job applicants for compromise. 

Symantec/Carbon Black Threat Hunter Team - North Korean Lazarus Group Now Working With Medusa Ransomware - The brevity here is respectable - it’s actually a very information-dense post with some deeper implications for DPRK-targeted ecospheres.

Research Papers and Reports

CrowdStrike - 2026 Global Threat Report - Heavy on the AI stuff, which I am always skeptical of, but I haven’t dived deeply into the guts here yet.

Tools and Resources

PulseBeat02 - yt-media-storage - Encodes any data into lossless video styles to store on YouTube, and decodes them back into the original data, for exfiltration etc. I suppose if you can store a PNG on a starling, you can exfiltrate crown jewels via YouTube.
