-
Speaker: Curtis Hanson (Invictus Incident Response)
Behind Iran’s named APT groups lies a quieter layer of cyber contracting firms that appear to operate as ordinary IT companies or training institutes but in reality reveal deep ties to state-linked ecosystems. While some entities like Raha Sec, Spara Sec, and Ravin Academy are increasingly recognized, what about those that remain undocumented?
This talk will briefly recap these known cyber enablers before exposing a previously unreported offensive cyber contractor with links to them, along with several unreported entities with no online presence that can be traced through corporate records to the Execution of Imam Khomeini’s Order (EIKO). We will also examine how this ecosystem connects to Fanap, Iran’s largest private financial and investment group, and to elite Iranian universities that function as talent pipelines.
By analyzing how these companies are structured, who leads them, and how they intersect with state finance, we can uncover insights that go beyond individual APT groups. This mapping reveals the current contractor ecosystem and state-aligned financial arms that support Iran’s offensive cyber programs. The session will close with a brief overview of the sources and collection methods used to produce these findings, enabling others to track future enablers within Iran.
-
Speaker: Kieran Green
This presentation will examine the organizational system and institutional design of China’s cyber militia system. It will analyze how the Chinese government mobilizes civilian personnel through work units like universities and state-affiliated enterprises, embedding them within a broader military command structure. The talk will also highlight how this system diverges from comparable cyber reserve forces in other countries.
-
Speaker: Paul Rascagneres (Volexity)
-
Speaker: CERT-UA
In this talk, the Computer Emergency Response Team of Ukraine (CERT-UA) will present an up‑to‑date overview of the Ukrainian cyber threat landscape, highlighting its diverse manifestations - from information and psychological operations to destructive activities, cyber espionage, and financial crimes. The presentation, taking into account the evolution, persistent nature, and growing sophistication of modern cyber warfare, will address some challenges faced and the strategies employed to counter them. Where appropriate, the session will also feature real‑world case studies. Details of these cases may be explored further in discussion with subject‑matter experts among the attendees, fostering a shared understanding and identifying opportunities for effective collaboration.
-
Speaker: Elly Rostoum
This talk exposes China’s sophisticated strategy of corporate obfuscation and invisible web of dependencies—a network so sophisticated that even multinational corporations remain blind to their own vulnerabilities. As Washington pursues decoupling and derisking policies, this talk demonstrates why such approaches are built on flawed assumptions about economic competition with an adversary that has rewritten the very rules of global commerce. This is the untold story of economic warfare fought in boardrooms and supply chains.
Speaker Bio: Elly Rostoum is a former U.S. intelligence analyst, and the founder and principal investigator of the BULL DRAGON PROJECT. She is a lecturer at Johns Hopkins University, where she teaches courses on China, strategic studies, US national security, and the geopolitics of emerging technologies. Elly was the recipient of the 2024 Johns Hopkins Nexus Awards in teaching, and the 2023 Johns Hopkins University Discovery Awards for research, which recognize researchers who are poised to arrive at important discoveries or creative works. Elly is the upcoming author of Bull Dragon: State Control and the Instrumentalization of the Chinese Firm, and Entrenched: China, Supply Chains, and the Future of the Global Order. In another life, Elly used to forecast oil prices. Elly speaks five languages, and 22 dialects. More on her work here: www.EllyRostoum.com
-
Speaker: Bitdefender
-
Speaker: Trend Micro
-
Speaker: CERT-EU
-
Speaker: [redacted]
-
Speaker: Graphika
This presentation will draw on case studies on China, Russia, and Iran to demonstrate how state media and its technical infrastructure, previously attributed and suspected influence operations, and amplifier networks connected to influence operations remain a solid stream of leads for identifying new or previously unreported suspected influence operations. It will also explain how these networks and accounts can help corroborate the involvement of seemingly independent groups with state entities.
-
Speaker: Google Threat Intelligence Group
-
Speaker: HarfangLab
Description: [redacted]
-
Speaker: Bitdefender
Description: [redacted]
-
Background: The inaugural SOS will take a moment to shine a light on investigative force multipliers during breaks. For this session, we are honored to host Pasquale Stiparo, founder of RationalEdge, technical author and co-founder of Pivotcon.
Description: With REDS, the goal is to shift away from the traditional malware analysis platforms that give mostly verdicts, and move towards a more transparent and comprehensive approach delivering accurate, contextual intelligence on malware samples, to help the analyst actually understand threats. We want to tell you exactly the "why" behind every assessment and recommendation.
-
Speaker confirmations in progress
Agenda
The inaugural SOS conference features a combination of full-length and lightning talks covering a wide spectrum of tactical and strategic discussions of state-sponsored operations. Our agenda features 15 talks detailing operational updates on the threat landscape, matters of attribution, and unique explorations of unconventional state presence.
Talk titles and descriptions are subject to change and/or are redacted per speaker preference. A private agenda is available to registered attendees! Keep checking back for additional speaker announcements!
