I’ve always had a deep respect for sophisticated technical talent and just wanted to highlight some of the elite cyber teams in the industry.
Better teams likely exist, but here’s something to start a conversation:
Elite Cyber Teams
- Google Project Zero
Project Zero is a full-time team dedicated to zero-day exploit research. Their team members are well-known and respected in the industry.
- FLARE (FireEye Labs Advanced Reverse Engineering) Team
FLARE is described as an elite technical enclave of reversers, malware analysts, researchers, and teachers.
- IBM X-Force
IBM’s X-Force has gathered several former Mandiant employees to build up its Incident Response services capability. Many of my coworkers consider IBM X-Force to be one of those elite teams they’d like to work towards.
- CrowdStrike’s Global Intelligence Team
We don’t have much information about the team members specifically, but in the conversations I’ve had, they’ve been able to steal some top talent from other organizations and really have something special. Props to CrowdStrike for organizing the threat actor naming convention with Panda (for China), Bear (for Russia), Kitten (for Iran), and the list goes on. For example, although I do like the FireEye/Mandiant numbering scheme, it doesn’t help with attribution to a country the way a name like Anchor Panda (Chinese threat actor famously known as APT1, pictured below) does.
Added for their W32.Stuxnet Dossier, released in February 2001, which tells the timeline, infection statistics, architecture, installation, and more about the famed Stuxnet malware.
- Cisco TALOS
The Talos Security Intelligence and Research Group is made up of leading threat researchers who create threat intelligence for Cisco products. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org, and SpamCop.
- Dell SecureWorks CTU (Counter Threat Unit)
The CTU is a team of elite researchers and security consultants highly versed in the practices and nuances of intelligence formulation.
- Cylance SPEAR (Sophisticated Penetration, Exploitation, Analysis, and Response)
The SPEAR team is a security research team tasked with finding vulnerabilities. The Cylance Operation Cleaver report is a product of theirs.
These might be better classified as threat actors, but their level of sophistication earned a mention:
Impressive Threat Actors
- Equation Group
The Equation Group is a highly sophisticated threat actor that has engaged in CNE (Computer Network Exploitation) operations dating back to 2001 or earlier. They have a known nexus to nation-state actors and have accomplished some of the most impressive cyber attacks of all time.