Red Russians: How Russian APT groups follow offensive security research

Will Thomas

DEF CON 33 · Day 1 · Main Stage

In this DEF CON talk, Will Thomas, a Senior Threat Intelligence Adviser at Team Cymru, describes a trend observed over years of tracking sophisticated adversaries: Russian advanced persistent threat (APT) groups are increasingly leveraging publicly available offensive security research and tools. Thomas argues that these state-sponsored groups, rather than consistently developing novel zero-day exploits, exhibit a form of "laziness" by rapidly adopting and weaponizing techniques and proof-of-concept (PoC) exploits released by red teamers and security researchers. This presents both a significant challenge and a unique opportunity for defenders: the same public sources the adversaries draw on can be monitored to anticipate their next tooling.

AI review

Competent threat intel talk with a clear, defensible thesis — Russian APTs are lazy, they recycle public offensive research fast, and defenders should get ahead of it by monitoring the same sources. The case studies are concrete and the detection guidance is actionable. But this is practitioner-level synthesis, not original research, and the thesis itself isn't novel to anyone who's been paying attention to APT campaigns for the last few years.
