Aleksandar Milenkoski

Dropping this today: ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware In collaboration with @JulianVoeg from @RecordedFuture 🧵A quick summary and a few thoughts on the use of RSW by APTs s1.ai/Chamel-b

Last week, a new initiative was launched under @NATO DEEP to develop a Reference Curriculum on Artificial Intelligence as a Tool for Military Power. Honored to work alongside a distinguished group of experts and help define how AI is addressed within military education!

Over the past 5 months, SentinelLABS has embraced a remit of experimenting with frontier model capabilities towards meaningful security applications. We’ve been reporting on our findings openly as we complete them. We hope it’ll help others looking for ways to meaningfully impact cybersecurity.

Sentinel Labs researchers Aleksandar Milenkoski & Razvan Gabriel Cirstea explore the application of LLMs for extracting & contextualizing information from cyber threat intelligence (CTI) reports, turning narrative into structured data for downstream use. sentinelone.com/labs/from-narr…

The blog post includes discussions of challenges and trade‑offs involved, as well as early evaluation results. [2/2] sentinelone.com/labs/from-narr…

Just published: turning cyber threat intel narratives into knowledge graphs with LLMs. Razvan and I explore the application of LLMs for extracting and contextualizing information from CTI reports, turning narrative into structured data for downstream use. [1/2]

Some additional details emerge about the F5 breach: the hackers were in the company's network for at least 12 months, according to people familiar with the investigation. F5 sent customers on Wednesday a threat hunting guide for Brickstorm, which is leveraged by the UNC5221 Chinese APT group. BTW, 12 months is just a bit short of the 393 days that is the average dwell time for UNC5221. Story by Patrick Howell O'Neill and colleagues: bloomberg.com/news/articles/…

1/ A pro-Hamas persona is making noise from recent airport “hacks”, including broadcast system defacements in 🇨🇦 Kelowna & 🇺🇸 Harrisburg. But digging deeper, their actions remain low-impact and opportunistic. Lets take a deeper look..🧵

Last week, I had the pleasure of hosting a seminar session at @warstudies, @KingsCollegeLon. I am very grateful to @monica_kello for the invitation and to all the attendees for taking the time to join and engage in thoughtful discussion! kcl.ac.uk/events/ransomw…

It’s finally here.. @labscon_io welcome reception kicks off TONIGHT! Opening with a live Three Buddy Problem show, setting the tone for an incredible week of brilliant minds coming together. Watch #LABScon25 for event updates and highlights. 💜 See you in the desert 🧵..

The @labscon_io agenda is packed with incredible talks and speakers. Check it out! [3/3] s1.ai/agenda25

I’m also delighted to be hosting a workshop with @Joseliyo_Jstnk (@Google, @virustotal) on "Advanced Threat Hunting: Automating Large-Scale Operations with LLMs." [2/3]

🚀@labscon_io kicks off tomorrow! I am excited to be presenting on the APT group CamoFei, a joint research project with @JulianVoeg (@RecordedFuture), @AzakaSekai_ (@TeamT5_Official), and myself (@LabsSentinel, @SentinelOne). [1/3]

@AJVicens and @razhael from @Reuters provide further coverage of the human dimension of this threat, exploring victim engagement methods and their personal impact. Read the Reuters article: reuters.com/world/asia-pac…

🚨New research drop: Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms It was a pleasure collaborating with @SreekarMad and @warm_warmer from @ValidinLLC! Read our blog post: s1.ai/nk-ops

When Public Information Censorship Meets Private Enterprise: @LabsSentinel analyzed a data leak that revealed to them the complex ecosystem between the Chinese Communist Party (CCP) and country’s private cybersecurity sector. The data leak from Chinese cybersecurity firm, Topsec, indicates that private cybersecurity firms are likely being used for content moderation in an effort to monitor and control public opinion. Read the full report from @LabsSentinel’s @spiderspiders_, @milenkowski, and @DakotaInDC: s1.ai/topsec

@DebugPrivilege Get well soon! 🙏

Presenting at @HagueTIX with @JulianVoeg was an amazing experience! So many insightful talks! Huge thanks to the organizing team (@monica_kello, Corianne Oosterbaan, and the PC) for having me. Already looking forward to next year, wouldn’t miss it!

@pagabuc 🔥

Our research on Secure Boot keeps on giving! Today we disclose CVE-2025-3052, a Secure Boot bypass that started with vulnerable signed module found on VirusTotal and ended with 14 hashes added to dbx by Microsoft in today’s Patch Tuesday 🔥

Think Deeper. One line of this @SentinelOne blog (🙏 @TomHegel and @milenkowski) stood out to me. 💭"Encrypts and password-protects the archive using 7-Zip with the password @WsxCFt6&UJMmko0, ensuring the data is obfuscated from inspection." Pretty strong password at first blush. Let's see if @Copilot can figure out why the threat actor may have chosen it.

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets June 9, 2025, Sentinel Labs sentinelone.com/labs/follow-th… @LabsSentinel