Insight and analysis on cyber threat intelligence, nation-state activity, OSINT, defense industrial base risk, and the intelligence tradecraft needed to turn complex threats into clearer decisions.
Weekly Threat Landscape: Thursday Roundup #6
This week’s reporting centers on access and scale. State-aligned actors are targeting people, platforms, and partnerships to expand reach, from Chinese phishing campaigns against journalists to DPRK operations exploiting developers and the Web3 sector, alongside growing Russia–North Korea alignment. China Targets Journalists in Sustained Phishing Campaign On 27 April 2026, Citizen Lab reported a sophisticated…
Weekly Threat Landscape: Thursday Roundup #5
This week’s reporting shows adversaries prioritizing embedded access within trusted systems, where they use identity, SaaS platforms, and legitimate workflows to sustain long-term presence and reduce chance of detection. Of these, China’s continued pre-positioning of access represents the most strategically significant topic due to its alignment with future military operations. Dutch intelligence says Chinese cyber…
Weekly Threat Landscape: Thursday Roundup #4
This week’s reporting touches a few different areas, but it points in the same direction. Infrastructure and operational systems continue to draw attention, while familiar access methods like social engineering are still proving effective. At the same time, newer risks are starting to show up as organizations rely more on AI and external platforms. Ukrainian…
Weekly Threat Landscape: Thursday Roundup #3
This week’s reporting highlights a continued shift in adversary tradecraft toward indirect access, targeting edge networks, legacy infrastructure, and emerging technologies rather than hardened enterprise environments. From GRU router exploitation to Iranian ICS activity and evolving AI risks, attackers are prioritizing access paths that are harder to monitor and easier to exploit at scale. Russia:…
[Featured Analysis] The Drift Compromise and North Korea’s Cyber Revenue Machine
Key Takeaways (tl;dr): Context North Korean cyber operations are often seen as isolated incidents, a crypto theft here, a phishing campaign there, but in reality, they function as a coordinated financial system. Recent reporting around the compromise of Drift Protocol suggests a broader pattern: DPRK-linked actors are conducting deliberate, long-term operations meant to generate revenue…
Weekly Threat Landscape: Thursday Roundup #2
This week’s roundup highlights state-sponsored cyber activity targeting government, critical infrastructure, and defense-related organizations, with a focus on strategic intent and geopolitical context. Israeli Authorities Report Surge in Data Wiping Attacks On 24 March 2026, Israeli authorities reported at least 50 data wiping attacks targeting organizations across the country, attributed to pro-Iranian and affiliated threat…
Weekly Threat Landscape: Thursday Roundup #1
This weekly roundup is meant to highlight key cyber and geopolitical developments observed over the past several days, focusing on activity that reflects the evolving tradecraft of adversaries, emerging risks, and broader trends shaping the threat landscape. It is intended for cyber threat intelligence analysts, security leaders, and national security professionals tracking where cyber operations…
Energy Leverage and Strategic Competition: Oil Disruptions and the Shifting US-China Balance
The global energy landscape in 2026 is shifting in ways that favor the United States in the short term. The US is now the world’s largest producer of oil and natural gas, while China remains the largest importer of energy. Recent disruptions to Venezuelan and Iranian oil flows have highlighted this difference and exposed vulnerabilities…
A Technical Post-Mortem of the Notepad++ Supply Chain Compromise
The modern software supply chain is built on a foundation of implicit trust; a trust that users and systems place in update mechanisms to deliver secure patches. When this trust is weaponized, the resulting compromise can bypass even the most robust perimeter defenses. Between June and December 2025, the Notepad++ project became the target of…
DynoWiper and the Polish Energy Sector
In late December 2025, the Polish energy sector was targeted by a coordinated series of destructive cyberattacks using a new malware tracked as DynoWiper [1]. The operation affected over 30 renewable energy sites and a major combined heat and power plant during a period of extreme cold. Key Technical Observations: Attribution Discrepancy A fairly uncommon disagreement…