Daniel Gordon
validhorizon.bsky.social
Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/
Fixed 🙂
November 11, 2025 at 9:11 PM
Doesn’t look like DPRK to me, should probably give them your social security number
November 10, 2025 at 2:15 PM
I don’t know. Not a lot of public info on that. In the current environment, I suspect they write a love letter, do a photo op, and build a hotel and get him back for free but 🤷‍♂️
November 10, 2025 at 12:57 AM
If you defect, your family goes to a prison camp or worse.
November 9, 2025 at 11:04 PM
*Screams incoherently at five different things about this that make no sense*
November 9, 2025 at 6:36 PM
I know dunking on this is fun and all but if you watch the clip Christo is laughing and mocking this conspiracy theory he heard from Russian intel. I’ve heard stories about the terrible quality of Russian intel but this is bad.
"Famed spy hunter"
November 8, 2025 at 4:17 PM
A lot of “infrastructure geolocates to X, therefore state sponsored by X”. A lot of “major ransomware attack was to distract from an [unrelated] major espionage intrusion” and a lot of “I heard about something a couple times therefore growing trend”.
November 8, 2025 at 1:57 PM
With that said I’ve certainly seen this kind of thing from western intel folks as well and spent way more time than I would like debunking grand conspiracy theories and wild unsupported attribution statements.
November 8, 2025 at 1:57 PM
Also I should note Christo is relaying Russian intel RUMINT rather than things he actually believes.
November 7, 2025 at 12:28 AM
*Christo
November 7, 2025 at 12:02 AM
*Christo
November 6, 2025 at 11:59 PM
Malware used in Bangladesh had similarities to malware used in Sony and other DPRK bank heists. Christov is claiming that access got handed off I believe, not that the whole hack was misattributed. baesystemsai.blogspot.com/2016/05/cybe...
Cyber Heist Attribution
Written by Sergei Shevchenko and Adrian Nish BACKGROUND Attributing a single cyber-attack is a hard task and often impossible. However, ...
baesystemsai.blogspot.com
November 6, 2025 at 11:57 PM
Christov claims that they handed off access, not false flags. There are a lot of examples of handing off access but the norm is actors from the same state or crim -> state. This kind of handoff is an extraordinary claim requiring legit evidence especially because of a timeline that doesn’t make sense.
November 6, 2025 at 11:51 PM
I didn’t know that it was a non-starter on both sides of the aisle. Would you be willing to elaborate?
November 6, 2025 at 3:37 AM
Reposted by Daniel Gordon
You need a very special personality type to be a great ft reverser and most people can’t. It’s why they can write their own ticket.
November 1, 2025 at 5:58 AM
I’ll try to squeeze some into my Bsides Pyongyang talk, though. 🙂
October 28, 2025 at 12:00 AM
Internal brown bag for my team, at least for now. I try not to publicly smack talk other intel shops, even though some deserve it. We all make mistakes, especially when we’re new but we can learn lessons from our own mistakes or others’ mistakes.
October 27, 2025 at 11:47 PM
Sometimes they’re good at it and sometimes not. I’m going to do an entire talk on this sentence from a Kaspersky report in August.
October 27, 2025 at 11:06 PM
Disappointed that I have to defend Anduril here but these SSH keys are a nothingburger and it remains a mistake to immediately believe everything you see posted on Twitter even if it confirms your priors.
October 27, 2025 at 3:00 PM