Category: Threat Actors

Threat Actors are people who are acting counter to you or your organization’s interest. They are a threat to yourself, your family, your community, your organization (company), your society, and your nation. They cannot be taken for granted. You can classify the world in the four key threat actor categories:

Cyber-Criminal Threats – Cyber-Crime is an International Legal problem that has no short term resolution. There will always be someplace in the world that is a harbor for cyber-criminal activity.
Nation State Threats – Post-Snowden, the secret world of nation-state security is now all in the open. Your network is a valid “Battle Space” for any Cyber-War.
Political, Patriotic, Protestors (P3) – There are always going to be someone, somewhere, who is upset with society – with the ability to make their anxiety know through any network – anywhere.
Corporate Threats (New!) – The dialog between US & China will accelerate the corporate on corporate threat vector.

US ISP CPE SUPPLY CHAIN

Posted on March 24, 2026March 24, 2026

Who Makes What, and Where with the US ISP CPE Supply Chain Version 2.0 | March 24, 2026 senki.org | bgreene@senki.org This research tool was curated from detailed questions by a +40-year Internet engineer, large network architect, and cybersecurity specialist. The questions were used to build out logic flows in multiple LLMs to gather insights Read More

How do you get 29 organizations to collaborate to disrupt multiple threat actors’ operational infrastructure?

Posted on March 23, 2026March 23, 2026

How do you get 29 organizations to collaborate to disrupt multiple threat actors’ operational infrastructure? (see the list below) What is not stated is that this group is the known TLP: RED group. There is a larger TLP: AMBER community of supporting individuals and organizations. These groups all exist and will continue to put pressure Read More

You missed it! Threat Actors simple paths into your network.

Posted on December 22, 2024December 22, 2024

On December 3rd, 2024, six cybersecurity organizations published Enhanced Visibility and Hardening Guidance for Communications Infrastructure, detailing simple paths threat actors use to penetrate networks. Most people I talk to say, “This is nothing new.” “We’ve heard it all before.” “These are all Best Common Practices (BCPs); everyone should have deployed them already!” Do not Read More

PlugX Infections – Is that You?

Posted on July 31, 2024July 31, 2024

The French Government sees the massive number of PlugX infections as a national threat. PlugX is malware used by Nation State threat actors to get inside networks. Sekoia was part of a sinkholing action that uncovered thousands of locations where PlugX is deployed. Should you be concerned? How do you discover if you have a Read More

Industry Anti-DDOS Strategy 2018

Posted on April 29, 2024April 29, 2024

Note to the Readers …… Yes, there are communities who consult and curate an anti-DDoS strategy to mitigate the risk to the Internet. Starting ~2000, Operators have consulted on ways to build better resilience into the Internet’s infrastructure. These consultations evolved into informal security strategy plans. By 2012, multiple groups were involved (see http://www.senki.org/2012-a-year-of-cyber-security-optimism/). A Read More

Perhaps it is time to admit that the ladder is on the wrong wall

Posted on March 13, 2024March 13, 2024

I’m reading Paul Vixie’s Magical Thinking in Internet Security. I 100% agree with everything Paul is pointing out. We’ve had many conversations about these challenges in the past. But I’m now at a point where I’m looking in the mirror and realizing what we’re doing might be the wrong approach. I’m exasperated at the persistent Read More

Optimize Shadowserver’s Value – Checklist

Posted on January 9, 2024January 9, 2024

Optimize Shadowserver’s value! Stop the Threat Actors! You are at risk if you get any of the +120 daily reports. Most issues are easily fixed. All these reports share details the threat actor can potentially exploit. Take 15 minutes once a quarter to update your contacts, ASNs, IPs, Domain, APIs, and other details. Quarterly Reviews Read More

Thanksgiving Holiday Fun! Five Eyes Warn of LockBit 3.0 Ransomware!

Posted on November 22, 2023November 22, 2023

Do you know if your network is vulnerable to LockBit 3.0 Ransomware crew getting into your network via NetScaler CVE-2023-4966 vulnerability? Boeing – a company with a powerful cybersecurity team – was penetrated by the LockBit crews using CVE-2023-4966. Is this your Thanksgiving holiday fun? For those subscribed to Shadowserver free Cyber Civil Defence reporting, Read More

New SLP DDoS amplification can overload your network

Posted on April 25, 2023April 25, 2023

Happy Tuesday – It is the RSA conference week. That means we get vendors disclosing vulnerabilities while people are at the conference. Bitsight and Curesec uncovered a Service Location Protocol (SLP) DDoS Amplification that can be as high as 2200:1. That means an open SLP port on your network can … CISA has posted an Read More

Welcome to CyberWar & LongTerm Ramification Unleashed by Russia’s War

Cyberwar is today’s reality. We’ve moved from a world of cyber-criminal threats to an interconnected arena where any malicious activity is feasible. Cyber-Kinetic attacks that destroy, kill, and massively disrupt civil society are part of our new security threat landscape reality. Geography will not help. The massively interconnected Internet means that you are a cyberwarrior’s