This is field commentary reflecting what I am seeing in current engagements. The patterns are durable; the specific attribution to any threat actor or technology is a snapshot in time.
I have been doing this work since 2009.
For most of that time, the workload had a predictable shape: annual SEC cyber audits, compliance documentation gap assessments, corporate intelligence research, and the occasional breach response that would come across my desk and remind everyone why the audits mattered. The ratio was comfortable. By and large, new clients used to come from firms needing proactive work. Lately the new clients all seem to be reactive.
The rest of this article is available to members of the MTradecraft community.