How state-sponsored hacking affects trust


  • Sarah Adams

    The Watch Floor | Know Thy Enemy | CIA Alum

    48,969 followers

    For two decades, Western cybersecurity strategy focused on infrastructure. We hardened networks, deployed zero-trust frameworks, and invested heavily in detection and segmentation. And it worked... until adversaries adapted.

    Today, state-linked actors from China, Russia, Iran, and North Korea are shifting their focus from systems to people. The modern reconnaissance cycle increasingly begins not with malware, but with resumes, LinkedIn profiles, conference bios, and publicly shared career milestones. A single resume can reveal what technology you use, the programs you support, the vendors you work with, where facilities are located, whether you hold a clearance, and even who you report to. That data enables tailored spear phishing, credential harvesting pages that mirror real defense portals, and precision social engineering that references actual teammates and projects.

    This is counterintelligence in a digital society. Our professional culture rewards visibility and openness. In most sectors, that transparency creates opportunity. In the national security ecosystem, it can create exposure.

    In today's episode, I discuss how resume harvesting has become a strategic collection method, why the personnel layer is now a primary attack surface, and what that means for the defense industrial base. 🎧 Full episode here:

    I Wish This Wasn’t Real…

    https://www.youtube.com/

  • Thomas Ryan

    Founder, Asymmetric | Security, Intelligence, and Governance for High-Trust, High-Consequence Environments

    4,924 followers

    You get the call. It’s your source, the same number they always use. You recognize the voice immediately. Calm. Detailed. Credible. They provide you with intel that aligns with your ongoing investigation. You take notes. You move fast.

    But the call wasn’t real. The number was spoofed. The voice was synthetic. Someone cloned your source using AI, and contact data was leaked in a recent breach. That intel? Planted disinformation. When it publishes, reputations are damaged, markets move, and trust collapses.

    This scenario mirrors current events. The Washington Post breach exposed the email accounts of national security reporters. CrowdStrike’s 2024 outage demonstrated how quickly infrastructure can fail, providing attackers with an opportunity to harvest communications in bulk. Now, voice cloning tools are being used with real data to fool even the most experienced professionals.

    This isn’t speculation. It’s a tabletop training scenario based on real tactics. The next voice you trust could be the one that ruins your credibility.

    #Deepfake #DisinformationDefense #TabletopExercise #NationalSecurity #SocialEngineering

  • Keith King

    Former White House Lead Communications Engineer, U.S. Dept of State, and Joint Chiefs of Staff in the Pentagon. Veteran U.S. Navy, Top Secret/SCI Security Clearance. Over 15,000+ direct connections & 42,000+ followers.

    42,727 followers

    Chinese State-Backed Hackers Are Targeting Australia’s Critical Infrastructure

    Introduction

    Australia’s top intelligence official has issued a stark warning: Chinese state-backed hackers are actively infiltrating the nation’s critical infrastructure and positioning themselves for potential sabotage. These intrusions mirror U.S. intelligence assessments and tie directly to concerns about China’s preparation for a possible future conflict over Taiwan.

    Key Details

    China-Linked Groups Are “Pre-Positioning” for Future Attacks
    • ASIO Director-General Mike Burgess confirmed that at least two Chinese government-backed groups have breached Australian networks.
    • These actors are not merely collecting intel—they are establishing operational footholds for potential disruption.

    Volt Typhoon Targeting Critical Infrastructure
    • Volt Typhoon is attempting intrusions into power grids, water systems, transportation networks, and other essential services.
    • Successful breaches could enable shutdowns or widespread outages across energy and water sectors.
    • U.S. intelligence previously assessed the same group as preparing to hinder American military response during a Taiwan conflict.

    Salt Typhoon Expanding Espionage Operations
    • Salt Typhoon has compromised over 200 telecom and internet providers globally, including AT&T, Verizon, and Lumen.
    • The group siphons call records, texts, and sensitive metadata from telecom networks.
    • The FBI has pressed Americans to shift to end-to-end encrypted messaging to avoid exposure.

    Growing Evidence of a Global Campaign
    • Canada recently confirmed similar breaches across its telecommunications sector.
    • Burgess emphasized that once hackers gain access, the difference between espionage and active sabotage is merely a matter of “intent, not capability.”

    Why This Matters

    Australia’s warning underscores a broader geopolitical reality: China’s cyber apparatus is no longer confined to intelligence collection—it is actively preparing the digital battlespace for strategic leverage. A successful activation of these cyber footholds could trigger economic paralysis, undermine public trust in essential systems, and complicate national defense during a crisis. The alignment of Australia, the U.S., and Canada on these assessments signals growing international urgency—and a need for hardened infrastructure, encrypted communications, and unified cyber defense strategies.

    I share daily insights with 33,000+ followers across defense, tech, and policy. If this topic resonates, I invite you to connect and continue the conversation.

    Keith King https://lnkd.in/gHPvUttw

  • River Caudle

    Fathom | River Risk Partners | Industrial Loss Prevention | Nuclear, Energy & Critical Infrastructure | Author & Strategist | leet like jeffk | privateer and vagabond

    4,715 followers

    Europe's seeing something different than the rest of us. 96% of one pro-Russian hacktivist group's 6,600+ attacks since March 2022 targeted Europe. Not North America. Not Asia. Europe. This isn't ransomware-for-profit. It's state-sponsored infrastructure disruption.

    🇳🇴 Norway (April 2025): Dam floodgates opened remotely for 4 hours. Weak password on web-accessible control interface. No MFA. Formally attributed to Russia in August.
    🇵🇱 Poland: 20-50 cyberattacks on critical infrastructure per day.
    ✈️ Collins Aerospace (September 2025): Ransomware cascaded across European airports - Heathrow, Brussels, Berlin. Shared infrastructure created domino effect.
    ⚡ Z-Pentest: 38 ICS attacks in Q2 2025 - posting videos of themselves tampering with controls.

    23% of sophisticated OT attacks targeting Europe are hacktivists. And 46% of those attacks resulted in "manipulation of control" - they're not stealing data, they're tampering with physical processes. 73% of organizations experienced OT intrusions in 2025, up from 49% in 2023.

    The Norway dam hack shows the playbook: exploit IT-style remote access on OT systems. Weak passwords. Web-exposed controls. No architectural isolation. The exact vulnerabilities IT/OT convergence creates.

    Network engineering reality:
    ☠️ Shared authentication = single compromise point.
    ☠️ Trust relationships = lateral movement highways.
    ☠️ Centralized management = cascading failures across borders.

    You cannot out-respond state-sponsored attacks. You cannot patch fast enough. You cannot detect threats when IT security tools are blind to industrial protocols. The only defense that works: make attacker speed irrelevant through proper architectural isolation.

    Operations teams need control over their own network architecture. Not IT departments applying enterprise security models to systems that control physical processes.

    I'm at Automation Fair in Chicago this week, but the data from Europe validates what we've been saying: Infrastructure Independence isn't theory, it's operational necessity. Infrastructure belongs to Operations. 🌊

    #OTSecurity #CriticalInfrastructure #IEC62443 #IndustrialCybersecurity #Manufacturing #EuropeanIndustry #SCADA #IndustrialNetworks #InfrastructureIndependence.

  • Terry Williams

    Cybersecurity Recruiter | Partner at Key Talent Solutions | CISOs, Security Engineers, GRC | Atlanta + Remote

    10,180 followers

    Hackers just impersonated an entire cybersecurity agency. To distribute malware. Disguised as a "protection tool."

    Last week, threat actors posed as Ukraine's Computer Emergency Response Team, CERT-UA, the government's official cyber defense agency. They sent 1 million phishing emails.

    The sender address: incidents@cert-ua[.]tech
    The file name: "https://lnkd.in/eDGsvz3y"
    The message: Install this specialized security software immediately.

    Except the software was AGEWHEEZE. A Go-based remote access trojan.

    Here's what it did once installed:
    → Full command execution on the victim's machine
    → Keystroke logging
    → Clipboard hijacking
    → Screenshot capture
    → File manipulation
    → Persistent remote access via WebSocket

    The targets weren't random:
    → State government agencies
    → Hospitals and medical centers
    → Security companies
    → Financial institutions
    → Universities
    → Software development firms

    The threat actor claims 200,000 devices were compromised.

    Think about that. People downloaded malware specifically BECAUSE it said it came from the agency that protects them from malware. The very thing designed to create trust became the weapon.

    This is the new playbook. Hackers don't need zero-days when they have your trust. They don't need exploits when they have your government's logo.

    If your incident response plan doesn't include verifying the identity of the people telling you to "install security software"
    You don't have an incident response plan.
    You have a phishing target on your back.

    #Cybersecurity #Phishing #InfoSec #ThreatIntelligence #IncidentResponse #CERTUA #Malware #SocialEngineering

  • Darren Mott, FBI Special Agent (Ret.), "The CyBUr Guy"

    Co-founder/Director of Cyber Operations @ FiveEyesLtd | Cybersecurity Expert

    7,120 followers

    The line between cybercriminals and nation-state hackers has officially disappeared. And most logistics firms (or really most companies in general) have no idea what that means for them.

    Caption: For most of my career, 20 years with the FBI and another six in the private sector, the rules were mostly clear. Cybercriminals wanted money. Nation-states wanted intelligence. Different motives. Different methods. Different targets. That world no longer exists.

    What we're seeing now is a hybrid threat model that should alarm every executive regardless of your geographical location:
    🔴 Nation-states are outsourcing operations to criminal groups and giving them state-level tools, zero-day exploits, and operational cover.
    🔴 Criminal gangs are selling access to compromised networks to state-sponsored actors looking for geopolitical leverage.
    🔴 Ransomware crews are doubling as espionage assets, extracting data for intelligence services BEFORE encrypting your systems for profit.

    This isn't theory. This is happening right now. Groups linked to Russia, China, and North Korea are actively blending with cybercriminal ecosystems. The result? Attacks that carry the sophistication of a government operation with the ruthless financial motivation of organised crime.

    Why should executives and senior leaders care? ("We've never had a breach, why should I care?!") Because you sit at the intersection of everything these hybrid actors want:
    🟠 Real-time movement data across borders
    🟠 Customs and trade documentation
    🟠 Access to defence and critical infrastructure supply chains
    🟠 Financial transaction flows between dozens of partners

    Your network isn't just a business asset. It's an intelligence goldmine. And here's the problem, most companies are still defending against yesterday's threat. A lone hacker in a hoodie. A generic phishing email. A script kiddie poking at your firewall. The adversary has evolved. Your security posture has to evolve with it.

    This hybrid model demands hybrid defence:
    ✅ Threat intelligence that goes beyond vendor dashboards, understanding WHO is targeting your sector and WHY
    ✅ Board-level awareness that treats cyber threats as geopolitical risks, not just IT tickets
    ✅ Supply chain vetting that accounts for state-sponsored infiltration, not just financial stability
    ✅ Incident response plans built for attacks that are designed to persist, not just disrupt

    Because when a criminal gang has a nation-state standing behind it, your antivirus subscription isn't going to do much.

    Is your organisation still defending against yesterday's threat actor, or have you adapted to the hybrid reality? I'd like to hear how your industry is responding. Drop your perspective below or send me a message directly if you have questions or would like to discuss specific threats to your business. I'm just here to help.

  • Elina Castillo Jiménez

    Human Rights | Policy | Strategic Litigation | Campaigns | Tech AI governance | Advocacy | Research

    2,745 followers

    New findings from my team at the Security Lab at Amnesty International cast serious doubt on Israel’s commitment to take measures to address the misuse of NSO Group's spyware. Pegasus from NSO Group has been linked to significant human rights violations, including privacy and freedom of expression. When states fail to take decisive action against these abuses, it undermines trust in their ability to protect and uphold the rule of law.

    As 13 journalists from El Salvador who were targeted with Pegasus because of their work, likely by the government of El Salvador, continue to seek reparations in US Courts for the unlawful targeted surveillance and other human rights violations they have experienced, this research confirms that Israel is not an adequate forum to pursue justice related to the use of these harmful tools.

    It is imperative that we hold both private entities and governments accountable for their roles in engaging in, facilitating or failing to prevent unlawful targeted surveillance. We must advocate for stronger international oversight and legal frameworks to ensure that human rights are prioritized over commercial interests and state security narratives. https://lnkd.in/gXQMGVz7

  • Andy Jenkinson

    Fellow Cyber Theory Institute. Director Fintech (FITCA). NAMED AN EXPERT IN INTERNET ASSET & DNS VULNERABILITIES AND THREAT INTELLIGENCE. IF I REACH OUT TO YOU - CHANCES ARE YOU HAVE A PROBLEM...

    39,259 followers

    Governments, Intelligence Agencies, and the Unseen Collusion in Cyber Crime.

    In November 2020, the true extent of government overreach in surveillance was starkly exposed. Crypto AG, a provider of supposedly secure encryption machines to over 140 governments for decades, was revealed to have been secretly owned by the CIA. The encryption machines were provided complete with backdoors for intelligence-gathering purposes. In a stunning twist, its closest rival, Omnisec AG, was also compromised, serving the same interests. These shocking revelations came at a similar time to cyber incidents, including the SolarWinds attack, which affected 18,000 entities, including key U.S. government departments.

    The problem goes deeper than individual incidents. Since 2020, cybercrime has escalated tenfold, leaving regulations such as GDPR, the Cybersecurity Maturity Model Certification (CMMC), and similar frameworks struggling to adapt and rarely being enforced. Governments are still exclusively invested in offensive cyber operations rather than robust defensive measures. This raises an uncomfortable question: are intelligence agencies and governments themselves complicit in the growing cybercrime epidemic?

    Programs like those run by Crypto AG and Omnisec reveal an unnerving truth: surveillance efforts prioritize the ability to spy on allies and adversaries alike, often at the expense of citizens’ trust. The cascading repercussions are dire—encryption that people rely on for privacy and security is routinely undermined. Internet users worldwide are caught in a system that pretends to protect their data while actively compromising it.

    The SolarWinds breach and SIGRed vulnerabilities exposed the risks of this approach, as U.S. government departments fell victim to the very flaws their offensive programs exploit. Despite these failures, agencies continue to adopt aggressive cyber postures, fostering a global arms race that neglects defensive safeguards for everyday users.

    This collusion between surveillance agendas and a lack of accountability leaves citizens and businesses vulnerable. While governments may claim national security as justification, the real cost is borne by Internet users globally, who unwittingly become pawns in a game that favors intelligence dominance over transparency and security. Until there is a global reckoning on surveillance ethics and defensive priorities, governments will remain both culprits and catalysts of cybercrime—betraying the very people they are sworn to protect.

    Cybersec Innovation Partners

  • Isaac Stone Fish

    CEO and Founder at Strategy Risks

    15,107 followers

    Did you know there is a Chinese law requiring tech companies who learn of a hackable flaw in their products to share that flaw with the Communist Party? Consider this: "For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they're revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray market. But for the past two years, China has added another approach to obtaining information about those vulnerabilities: a law that simply demands that any network technology business operating in the country hand it over. When tech companies learn of a hackable flaw in their products, they’re now required to tell a Chinese government agency—which, in some cases, then shares that information with China's state-sponsored hackers, according to a new investigation. And some evidence suggests foreign firms with China-based operations are complying with the law, indirectly giving Chinese authorities hints about potential new ways to hack their own customers." One doesn't have to be too terribly creative to see all of the problems that this can cause... https://lnkd.in/eHre9K2q
