
The Billion Dollar Hiring Scam Funding North Korea
David Moulton: Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest trends. I'm your host, David Moulton, Senior Director of Thought Leadership for Unit 42.
Evan Gordenker: Talk to your HR Team. If you aren't yet and you are a network defender, and you don't have that bridge to the HR Team, please build it. That's the number one place where we're finding success in detection. That's the number one place where we're finding success in collaboration: the HR Team says, Hey. Something is fishy here. We need the Security Team to interact with it, or the Security Team is able to back up the HR Team programmatically to say, Hey. I think you interviewed a North Korean. Or, Hey, I think you're about to interview a North Korean.
David Moulton: Today I'm speaking with Evan Gordenker, Consulting Director focused on AI and disrupting the activity of the DPRK. Evan has led extensive investigations into state-sponsored cyber operations, specializing in the disruption of North Korean IT worker networks. Today we're going to talk about navigating the evolving DPRK IT Worker Threat, why this campaign matters, how it operates, and what organizations can do to detect and defend against it. This topic is critical because these covert IT operations have become a billion dollar funding mechanism for North Korea's cyber and weapons programs, exploiting global remote work and weak vetting controls. Evan, welcome to Threat Vector. Really excited to have you here today and that we actually get to talk about this specific topic.
Evan Gordenker: Thanks, David. Thanks for having me, and great to be here.
David Moulton: I know that you've been investigating this issue for years. I want to say a few years back, I ended up having a conversation about this problem with one of your colleagues on Threat Vector, and we mothballed that episode. But we're now able to talk about it. I'm curious when the North Korean IT Worker Threat first appeared on your radar.
Evan Gordenker: Yeah. On my radar, 2021. But it's been going on much longer than that. I grew up in Japan. And when I was going to school is when they were testing their rockets. So sometimes they would fire their rockets over Japan, and we would have drills at school about that. So I've been fascinated with North Korea ever since, and I've been able to interact with this threat fairly directly now for several years. And I think it's a really fascinating threat. It's not going anywhere. Everybody is affected by it. So the more that we talk about it, the more that we can share about it, and the more that countries themselves are able to work with each other about it, the better we can go towards disrupting this and making sure that people's jobs go to actual people that aren't funding North Korean weapons programs.
David Moulton: So, before we started the podcast, you and I were talking about how this focus for you with the North Koreans and especially the IT workers was a passion project. Is that time that you spent in Japan something that influences the fact that you decided to assign extra work? You know, in addition to the proactive security consulting that you do with our clients, you also pick this up. It's too important to ignore. What is it that drew you to it?
Evan Gordenker: I think it's a very human threat that there are humans in the cycle that are affected by this, starting with the North Koreans themselves. These are people that realize they're good at technology. They pass a math test when they're in about middle school age. And, if they're good, they get trained up on English. They get trained up on computer science. And, to me, it's really fascinating that it's like they're being coerced into this work as well. And there have been some defectors that have talked about this where there's just this chain of victims that follows straight from the top of the North Korean regime and then just victim, victim, victim, victim. And, along the way, there are a few people that profit, but most of all the people that profit are the leaders of the North Korean regime. I think it's fascinating how they stack up all of these victims. And, yet, the program is so successful that, even though we've been talking about it for years, even though the FBI has been trying to disrupt it for years, it's still just as successful as ever.
David Moulton: So you talked about this as something that's been going on for years. I'm curious if you can give us a snapshot of how this has shifted in scope and sophistication over the years, and has generative AI helped accelerate the program? Has it changed it remarkably? You know, just give us a picture of what you're seeing there.
Evan Gordenker: Yeah. The North Koreans have really made this a mechanized operation, insofar as there are people who are dedicated to doing interviews, for instance, who are dedicated to finding accomplices on the ground, who are dedicated to doing the actual job. And they vary in quality. But what you'll find across the whole spectrum here is that they all are very, very reliant on generative AI. And it's getting to a point where they're using it in very clever ways. But, from the very beginning, they've been very reliant on using it to write their emails; to write their code; to now they're using it to do deep fakes real time, video deep fakes real time, audio deep fakes. Just the other day, there were reports that people are using it to change their accents. The North Korean accent is fairly distinctive, and now they're using it in real time to change their accent. And so I expect this to continue in perpetuity. It's not a vulnerability that is going away, and it's a huge place where money is being made for the regime.
David Moulton: Evan, the DPRK IT Worker Threat has evolved quite a bit since the security community first began talking about it; and we need to talk about how the DPRK IT workers are moving past some old assumptions, embracing new tactics to embed themselves within organizations.
Evan Gordenker: So, when we think about how the DPRK IT Worker Threat has evolved, we're seeing a focus towards more use of accomplices. They're using accomplices during the interview stage. They're using accomplices during the application stage. They're using accomplices to even get people into offices. So there's this assumption that I come across a lot where it's like, Hey. We don't really hire remote workers, so we're safe. And what we found is that that's not necessarily true. For one, the North Koreans love to get in through the contracting angle. And sometimes business is such that you do need to hire like 10 people to work on a front end app because leadership tells you we want this two weeks from now. And so, often, big companies have the muscle to be able to surge in talent. And that's really where they get you is, like, you're surging in talent for engineering work; and, you know, maybe seven out of those 10 people could well be North Koreans. We have seen real instances of that exact count. The other thing is they're able to pay people now to go sit in an office and fire up a Zoom, give that Zoom remote control, and just have somebody work on their laptop on someone else's behalf. And what the North Koreans are doing is they're hiring people in the United States and around the world to just go -- go into offices and pass verifications. But then, once they're there, they're enabling remote access; and that's where the exfiltration happens. That's where some of the wage theft occurs.
David Moulton: So let's go back to the beginning and talk about this idea for -- for those that don't know what the North Korean IT workers problem is. Can you just give me the -- like, the beginner snapshot? I imagine most of our audience knows, but I want to make sure that we're clear on that point.
Evan Gordenker: Yeah. The North Korean IT Worker Threat is this operation that's been going on for about 10 years now where North Koreans are getting legitimate jobs, posing as people that are allowed to have those jobs. They're taking the money from those jobs, and they're funneling it directly into the regime. So the thought is that about 80% of wages get garnished by the North Korean regime, with 20% left behind for paying facilitators, paying accomplices, and paying the people that actually did the work themselves. So these are people that are sitting -- they almost all are male, although some are female. They're sitting in apartment blocks in northeastern China. They're sitting in apartment blocks in eastern Russia. And they're just logging in and doing work. And sometimes it's real work. Sometimes it's actually good work. We've had clients tell us, Oh, that guy was a really good developer. It's almost a shame that he was North Korean. But most of them kind of fly under the radar. Performance isn't so great. They're probably juggling three or four of these jobs at a time. And they're able to get into the soft underbelly of corporate America, of white collar work; and they're able to take those wages and funnel it directly into the North Korean regime.
David Moulton: And then, if you were to take that a little bit further, you have this job as an IT worker. How is that more effective than just a direct cyberattack going, you know, in and putting ransomware or stealing and demanding -- you know, demanding payment to get your information back or to keep quiet about an attack?
Evan Gordenker: I think what they've ultimately found is that there's power in volume. And because they're able to get so many of these jobs, they're able to generate millions and millions of dollars. So hundreds of millions is the thought. If you add it onto the larger cyber operations that North Korea does, it's billions per year. And what they're able to do is have thousands of less sophisticated individuals generating currency for the -- for the North Korean government this way. And it's also consistent. You have these paychecks across thousands of people. There's a sort of baseline income that can be established this way. So it's not as bursty as some of the, like, large-scale crypto theft attacks that they've been attributed to.
David Moulton: Evan, your research estimates that thousands of DPRK IT workers are active globally, generating hundreds of millions in revenue, as you just called out. What does the scale mean for global businesses and governments?
Evan Gordenker: It means you are being targeted. So, if you're a global organization, then you probably have North Koreans applying to your jobs. Almost guaranteed. What this means is any jobs that you have, certainly if they're remote jobs, you are being targeted. But even lower down the totem pole they definitely do go after hybrid jobs or in person jobs, especially in the front end engineering, back end engineering, database admins, IT admins. Those are the type of roles that they go after. If there's low human contact as in I don't have to sit on a call that often, I don't have to be responsible for output that often, those are the jobs that they're going after. And it doesn't really matter where in the world you're hiring. We've caught North Koreans with jobs in Brazil. We've caught North Koreans with jobs in Serbia. It's sort of around the world they're targeting these jobs. And, again, it was traditionally thought to be sort of an American problem. But there was a fundamental shift towards Europe in late 2023 and then now expanding around the world to target other parts of Europe, other parts of Asia and trying to get those jobs really anywhere they can get them. So I would really think about, if you are a global organization, or if you're an international organization and you have head count, which is just about any listener, you're going to be targeted by North Koreans. And understanding what you can do about that is probably going to be more productive than saying, oh, we don't hire remote.
David Moulton: Yeah. The head in the sand strategy never ends up working out well. So let's shift gears a little bit and talk about trade craft and technology. The briefing describes the use of fake identities, of AI generated head shots, and even some really convincing deep faked interviews. How sophisticated have these deception tactics become?
Evan Gordenker: I'd say they are noticeable if you know what to look for by the naked eye, still, but there will come a point where that's no longer true. So these fake identities, they'll spin up hundreds of identities. Sometimes we've noticed on individual North Korean computers, for instance, that there are spreadsheets for hundreds of different identities that this person is managing. And they will come with tailor-made resumes, head shots that depict them in various positions. So sometimes we'll find, like, stock photos that are just face swapped in. So it's a stock photo of someone posing in front of an American flag, for instance. We really have seen this. And they face swap the North Korean operator's face over that. And, when they show up to these interviews, sometimes they're just deep faking from the beginning. And sometimes they deep fake celebrities, which I think is very interesting. But they're trying to show up. And what this does is, when you're on camera, you can show up as someone that doesn't have the appearance of someone who might be East Asian; and that might be something that HR teams are looking for right now, even if they won't admit it. The other thing is they can avoid being detected. So we have -- we have a collection of North Korean operators' faces, for instance; and they're probably trying to avoid some of that. The third thing is they can show up multiple times to the same interview. You can imagine, right? David, you're hiring for someone. I throw in 400 of your 1000 resumes that you receive. And then I can show up as one person one day, fail that interview, show up as someone else the next day, and then potentially pass that interview. So I think there's a lot of advantages for them in that anonymous setting.
David Moulton: And let's talk about those detection tools. I mean, obviously you've got folks that think they can spot things, or they start to feel like they're trained. But, to me, it's the scale of this. And the tenacity of this problem means that we're going to need some level of systems, processes, and tools helping us out. Are -- are those tools, are verification processes keeping pace with the advancements on the deep fake side or, you know, the spreadsheets full of identities?
Evan Gordenker: I would say broadly no, they haven't been; and they probably never have been because this is not a threat that the commercial hiring scheme has ever been equipped to handle. But what I will say is at least today and for the foreseeable future deep fakes are detectable, probably not by the naked eye for very long. But there are ways that you can get deep fake detection. There are plenty of tools and technologies out there that can help you detect when there's a deep fake in your meeting, for instance. The other thing is that IDs are pretty hard to fake still. So these North Koreans, they will use Chinese black market ID shops to get their IDs where it's like, Hey. I can hold up my ID. It says I'm in Texas. No problem. But are you actually verifying that those IDs are real? ID verification, to me, is the number one way that you can detect these things where it's like, Hey. We'll give you a job offer, but you have to pass an ID verification. Beyond that, I think being able to look at your hiring pipelines to make sure HR Team A understands that this is a threat, and then B is doing something about it. So you can see, hey, where are these job applications coming from? What is some of the metadata associated with these resumes? And you can start to understand, as these things fly in, how many of them are potentially fraudulent, not necessarily North Korean but there's definitely signs that they could be North Korean on top of that. Those are things that you can start to detect programmatically and at machine speed now.
David Moulton: Let's talk about the insider risk side of things. And, specifically, I want to get into this idea of facilitators. You've written pretty extensively about operations that are -- are dependent on a facilitator network, people that receive the hardware, that are managing an account and, you know, from the profit side, transferring the money. How critical are these insider accomplices to these operations?
Evan Gordenker: Absolutely critical. Couldn't do it without them. So there's a number of different types of facilitators. The one that's most classically associated with this scheme is the laptop farmer, which is somebody who sits in the geography you're targeting, let's just say the United States in this instance, who will receive the laptops for these companies, boot them up, log in, set them up with remote access. And this remote access can come in the form of software or just software that's commercial that you can use to access the computer. It may come in the form of hardware. These are KVM over IP so machines that you can just plug into a USB port, plug into DisplayPort, and suddenly you have something that behaves just like the human is on that machine. There's also use cases where the North Koreans are using malware to control these machines. So it's not just commercial software anymore, either. With the rest of the accomplices, we've seen their dependence really grow. So there are now companies, real companies in South Asia especially that specialize in showing up to interviews for you, just doing interviews on your behalf. Those are real companies that, in some cases, have been seeded and made successful by this North Korean scheme. There are others that are going around freelancer sites and just trying to find folks that are willing to mule their identities. So identity mules are people that will just serve as that final verification step where it's like, Hey. I am a real American. I'm allowed to work here, and this is my ID. That way you can beat some of those ID verifications. And then now there's additionally accomplices who are going out and finding accomplices for them. What they'll do is they'll pay some of their laptop farmers, for instance, to go and introduce them to friends and pay them quite well in some instances. So now these laptop farmers are motivated to go and find others. Some of them, they recruit their friends. Some of them, they go online and they recruit strangers on freelancing sites. And so this web of criminality just kind of expands outwards, and they like to spread their risk so that, when any given laptop farmer gets arrested, they are able to just pivot to another one. And it's not a big deal where they lose hundreds of machines. It's more like, Oh, well. We lost two of our laptops. Those are two jobs gone. Doesn't really matter. We'll just pick it up and start again.
David Moulton: Let's pivot to extortion and espionage. You know, the core mission was initially revenue generation via salary theft. But now we're seeing a pivot where recently fired IT workers threatened to release former employer sensitive data, including proprietary code, unless a ransom is paid. Does the aggressive extortion signal a broader shift from revenue generation to strategic espionage and disruption?
Evan Gordenker: There was always espionage and data theft. Since we started working on this in around 2021 when people really started to get privy to this and come to us with incident response cases, we noticed that they were kind of cookie monsters. They would grab whatever data they could get their hands on and steal that away, sometimes to very obvious ends. If it's an aerospace company and they steal data related to how to design aerodynamic aircraft, for instance, then that totally makes sense for their regime. But other times it was nonsensical things that were getting stolen, like acceptable use policies for a specific company. Or they were stealing front end code that was pasted online anyway. They were always motivated by stealing this data, and I think they have a treasure trove of data that could be useful for follow-on attacks by the North Korean regime. But I think, beyond that, they've always been trained, hey. Just go and grab data. The shift that we're seeing -- and this started kind of late 2022 but has really accelerated in 2025 -- is this extortion piece. So what they do is they say, Hey. You fired me, but I actually stole your data. I stole your customer data. I stole your proprietary code. I stole some of your policies. And they come and say, Hey. If you don't pay me my last paycheck, or if you don't pay me $4,000, I'm going to leak this online. And they do. They really do leak it online. But this aggressive shift towards saying, Hey. The cat's sort of out of the bag, right? People are fairly aware of the North Korean IT Worker Threat. And so now they're being much more aggressive about going after that final paycheck, going after a follow-on payment that might be useful, and in some cases it really works. So I would expect this to continue. It wouldn't surprise me if they got more aggressive with this.
David Moulton: Evan, let's shift our focus a little bit and talk about detection. What signals should SOC teams and HR departments watch for when reviewing employee or contractor profiles?
Evan Gordenker: Yeah. So I would start this as primarily detection of HR data. And many security teams still aren't in great contact with their HR departments. So, if you're able to, please introduce this threat to HR departments. Sometimes they are surprised when they hear about this. And then get to a point where the SOC is able to access HR data, not necessarily just data about who people are but also data about how did these applications come in? How did the interviews go? Was there any indication during the interviews that something might be amiss? We've noticed that, when HR teams are properly aware of these, they actually detect things on their own. So many of our clients tell us, Hey. Now the HR teams reach out and tell us, Hey. I think this person was a North Korean. And the SOC will go and investigate some of the artifacts that might be left behind; and they'll say, Yep. That person you interviewed was definitely North Korean. Let's make sure we don't hire them and move on. So all the primary defenses will come before the person is hired. So you want to be looking for things like what sort of infrastructure was used to attend the interview? How did they interact with the interviewer? Did they say anything specific about where they claim to live, for instance? Sometimes that can be a fairly good indicator. Once you think about can we detect these things once they have been hired, it's going to be a lot of hunting for remote access tooling. And hunting for this tooling I think is going to pay dividends for you, regardless of the threat. The ransomware actors love these RMM tools, for instance. So making sure that you are locking down the environment so that remote access is very, very difficult will go a long way to preventing the threat.
David Moulton: So I know you've led some of the incident response for companies that have unknowingly hired some of these fake IT workers. What were some of the common mistakes organizations made once they discovered that there was a threat?
Evan Gordenker: I think there tends to be a little bit of a period of shock. This was more common back a few years ago before this threat was widely known. But the shock of, like, this person wouldn't be North Korean. Like, how do we know this person is North Korean? And I think in the moment it doesn't really matter whether they're North Korean or not. What matters is that you had a malicious insider, and you should go and lock down your environment to understand where did they have access? Have we cut off their access effectively, and what did they take with them? That's probably more important than establishing their identity right off the bat. Once you get some of those kind of immediate hair-on-fire moments out of the way, then you can really sit down and have that conversation, especially with your legal team and external counsel to understand, if this person was North Korean, what sort of risk does that introduce? So you'll probably want to be able to answer questions like what did we do for identity verification, if anything. And what do we do for background checks, and were there any inconsistencies there? And, once you go back and look at the full scope of the -- of the investigation, you'll probably be able to tell where there's opportunities for improvement in your processes. But I wouldn't get bogged down, especially in those first few hours or days, about whether this person was North Korean or not. I would get bogged down with understanding what did they do and what did they take. That's probably more important in the moment than figuring out the motive.
David Moulton: I imagine you didn't think you were going to get out of this interview without talking about AI. And, as AI has accelerated things like email perfection, maybe helping with accents, working on, you know, the deep fake side of things, how is generative AI rapidly reshaping this problem?
Evan Gordenker: What we're finding is that it's not just North Korea; that, A, there are other nation states that may have picked up on this as a vector and are starting to experiment with it. But there's also just fraudsters who are experimenting with this. And what AI is doing is it's enabling anyone to sound like an expert. And your HR Team has surely noticed this, too, where the amount of applications that we're getting now that look picture-perfect and polished is crazy. And HR teams are unable to keep up with this volume. And part of that is because, A, the North Koreans have absolutely mechanized this. They have automated applications. They have teams of people who are just using ChatGPT, etc. to get picture-perfect resumes and just firing them out there, hundreds an hour. And you have all these other people, these fraud actors, that are interested in getting into your company and stealing money from you. The role of AI is number one about proliferation. It's not just North Koreans. And, when it is North Koreans, it's a lot more of them. The other thing is that this is making it more effective. You're able to mask identities really effectively using AI, and you're able to change your appearance or what you sound like. So I'd expect this trend to continue kind of in perpetuity.
David Moulton: Let's flip the script a little bit. Are there AI-driven defense strategies that are keeping pace with, you know, you mentioned the synthetic identities or any of the types of problems that HR teams are having or IT and security teams are having?
Evan Gordenker: Yeah. Some of the best security teams are using AI to collate a whole bunch of data and then analyze it to see if there's risk in there. So you can start to piece together. Throughout the hiring lifecycle, you have all these places where you can collect data. Once you collect that data, you can use AI to do a first pass, for instance, to find, hey. Here are some of the instances where there might be elevated risk that we would want humans to review. The other thing is AI is pretty good at detecting these things. Not necessarily generative AI but AI that's trained to detect deep fakes, for instance, is still very, very, very effective. If you have a way to make sure that you're gathering that data and feeding it to the appropriate places, then you can keep pace; and you can figure out where there's risk before they get into your company.
David Moulton: So something that I've been struggling with over the last few years is this idea of, you know, pulling yourself up, having an open mind, learning as an individual, and then building systems and thinking about things from a systems design standpoint. And, as you're talking about this, I'm struck by the idea that organizations are being asked to individually come up with ways of keeping up with a fast-moving threat actor, you know, a highly motivated threat actor, and that we need a systems design approach. And I know that the latest UN MSMT report explicitly calls on member states to exercise vigilance and provides clear recommendations to counter this threat. But I'm curious. What can governments and international organizations do to help counter the threat at that systems level, something that's a global policy or a collaboration across borders because it doesn't seem like these threat actors particularly care where they're attacking, who they're attacking, and what the rules of engagement are in an organization or in a geo.
Evan Gordenker: Yeah. So the UN I think did a really good job, and we helped them with this report. This Multilateral Sanctions Monitoring Team was able to go in and say, Hey. Here's kind of the full spectrum of the attacks from start to finish. And what we found is that there's a lot of opportunity for collaboration, cross-border collaboration, cross-organizational collaboration. And I would say some of the biggest intelligence wins that we in the security community have had were because of collaboration between security teams. So the more that we're able to talk to each other candidly about some of these threats and what we're seeing, the better we'll be able to structure our defenses. From the nation state perspective, when you are a government and you want to go after these states, there's a few nice advantages. One is that a lot of this stuff still starts in the traditional banking system. In the traditional banking system, things don't move as fast; and we have better controls. So, if you can empower victims to come to you and quickly triage things, I think there's a better chance that you can stop money from flowing into North Korea. And then, even if things have left your borders, for instance, if you have good relationships with other countries around the world that are willing to collaborate, that want to improve the cyber posture of their country and their communities, then I think you can get to a point where we're collaborating a lot on what sort of infrastructure they're using to follow money out of the free world and into North Korea.
David Moulton: So let's look ahead a little bit. How do you see this IT Worker Threat evolving in the next few years?
Evan Gordenker: Yeah. I'd expect more of the same. It's going to be higher pace. It's going to be higher volume. They're going to still go after more jobs now. They'll be going after -- we've seen them expand out of just remote jobs, for instance, to proliferate into hybrid jobs, in-person jobs. I'd expect that to continue because, for them, this is -- this is a necessity. They make their money. They're surviving off of this. And, for the individuals that are perpetrating this scam, this is -- they are judged on how much money they're able to bring in. And necessarily they will be creative about this. So expect the threat to stick around for -- for a long time, and expect it to get more accelerated and more targeted. That doesn't mean that there's nothing to do about it. I think a lot of the collaboration, we haven't built the muscle to talk amongst teams, to talk amongst companies, to talk amongst industries, and even to talk amongst countries about this threat. So building that muscle of saying, Hey. Here are some network indicators that you should watch out for and be able to share that with someone who's able to share it widely in an anonymized context might be really helpful towards preventing one attacker from being able to have six jobs around the country, to just keeping them limited to one at a time, for instance, so we can slow down the volume. And, really, I think there's an opportunity for us to just improve our baseline detections, especially in the HR space because, frankly, it's going to be a space that is increasingly targeted as AI proves out that our hiring model is in some ways just fundamentally vulnerable.
David Moulton: Evan, thanks for a great conversation today. I really appreciate you getting deep into your insights around the North Korean IT Worker Threat and talking to us about what organizations can do to mitigate this ongoing problem.
Evan Gordenker: Of course. Thank you for having me. And, for everyone out there, please keep safe and good luck.
David Moulton: Evan, if folks want to reach out to you about the blogs that you've written and/or the reports that you've contributed to or led, where can they find you on the internet?
Evan Gordenker: I'm on LinkedIn. I'm not terribly active. But feel free to shoot a message there, and I'll get back to you.
David Moulton: That's it for today. If you like what you heard, please subscribe wherever you listen. And leave us a review on Apple Podcasts or Spotify. Those reviews and your feedback really do help me understand what you want to hear about. If you want to contact me directly about the show, email me at threatvector@paloaltonetworks.com. I want to thank our executive producer, Michael Heller; our content and production teams, which include Kenne Miller, Joe Bettencourt, and Virginia Tran. Original music and mix by Elliott Peltzman. We'll be back next week. Until then, stay secure. Stay vigilant. Goodbye for now.