Timo Steffens

Finally! The English version of "Attribution of Advanced Persistent Threats" is available for Kindle! Hardcover will follow soon. With updated and additional content as compared to the German version from two years ago. Preorder hardcover or buy eBook: amazon.com/-/us/dp-B08DCL…

The mystery of Satoshi Nakamoto, the pseudonymous inventor of Bitcoin, has remained unsolved for 17 years. Not anymore. Read my 18-month investigation to find out who Satoshi really is. nytimes.com/2026/04/08/bus…

Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure small-office and home internet equipment like routers to conduct DNS hijacking and adversary-in-the-middle attacks microsoft.com/en-us/security…

#ESETresearch is hiring! Passionate about geopolitics, cyberespionage and cyber threat intelligence? We have a new opening for a strategic threat intelligence analyst at our Montréal office. Come join the team! eset.wd3.myworkdayjobs.com/ESET_External/…

📣#PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's speaker lineup. 2⃣days and 19 talks from leading #ThreatResearch experts. The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵 #CTI #ThreatResearch 1/15

‼️At the end of last year, there was a series of coordinated attacks in Polish cyberspace. 📌Today, our team is publishing a report describing the technical analysis of these events. We show the scheme of operation and the tools used by the attackers. ➡️cert.pl/uploads/docs/C…

@ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper. welivesecurity.com/en/eset-resear…

A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, researchers at @ESET told me. zetter-zeroday.com/cyberattack-ta…

#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷pivotcon.org Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐

Missed among the cacophony of the most recent US-China trade spat is Taipei's rejection of Washington's proposal that 50% of semiconductors be produced in the U.S. This is a big deal and signals that de-coupling is just not going to happen. In this short video, I explain why! I also want to use this opportunity to flag to friends and clients in Australia that I will be in Sydney (October 27-28) and Melbourne (Oct 29-30) at the end of the month! If you'd like to attend one of the events BCA will put together, please reach out to our local team or just ping me directly!

Nothing but love for a blog post with summary conclusions of competing hypotheses. Transparency around how we weigh the diagnostic value of specific evidence lays the foundation for better collective understanding in the long-term.

IMHO, the loss of Twitter/X as a platform where virtually everyone in infosec who was publicly active online had a presence has really been deleterious to a lot of info sharing. It's also no doubt prevented a lot of useful discussions and interactions from happening.

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom #ApolloShadow malware. microsoft.com/en-us/security… #ApolloShadow #MSTIC #MIRAGE

#PublicAttribution of cyber activities is #China’s latest technique for pressuring #Taiwan and shaping the international dialogue around #cybersecurity. Ben Read digs into the details on Binding Hook: bindinghook.com/articles-hooke…

State of Statecraft (SOS) is a new security and intelligence conference purposed to bring together observers of espionage, sabotage, influence, and other unique forms of covert statecraft to share their work with a community hyper-focused on tackling state-sponsored ops.

‘States don’t do hacking for fun’: NCSC expert urges businesses to follow geopolitics as defensive strategy itpro.com/security/cyber…

Scoop: US intelligence officer offered top secret documents to the German #BND and asked for German citizenship - because he was frustrated with the #Trump government. BND informed the Americans and he was arrested. Story with @manuelbewarder @schmitt_jrg tagesschau.de/investigativ/n…

Microsoft and CrowdStrike are teaming up to create alignment across our threat actor taxonomies, mapping where knowledge of these actors align to enable security professionals to connect insights faster and make decisions with greater confidence. msft.it/6011SlOZ9

Der Cyberraum ist nicht losgelöst von der physischen Welt. Manche Cyberangriffe haben das Ziel, Straftaten in der sogenannten "Realwelt" zu ermöglichen. U. a. wurden Lagerhaltungs-Datenbanken kompromittiert, um zielgenau Waren zu stehlen. Mehr Beispiele: bsi.bund.de/DE/Themen/Unte…

Microsoft has discovered worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. msft.it/6011S9JpN