One thing I've noticed after tracking down so many cybercriminals is that it's super common for the person's first sales thread on a forum to include data stolen from an organization in the country where they live. This is more remarkable when the threat actor is outside the United States, because it very often tells you exactly which country they are from.
You might think that this would be a very dumb thing to do from a self-preservation perspective, but a lot of times they are eager to make a splash on the forums and the best data or access they have is their government's data or some company working with their country's govt. And if you consider that many young people get started in hacking by sticking it to the local authorities and trying to make them look like clowns, it makes a lot more sense.
You might think that this would be a very dumb thing to do from a self-preservation perspective, but a lot of times they are eager to make a splash on the forums and the best data or access they have is their government's data or some company working with their country's govt. And if you consider that many young people get started in hacking by sticking it to the local authorities and trying to make them look like clowns, it makes a lot more sense.
2
