Guest: Sandra Joyce, VP at Mandiant Intelligence Topics: Could you give us a brief overview of what this power disruption incident was about? This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here? We also saw a wiper used to hide forensics, is that common these days? Did the attacker risk tipping their hand about upcoming physical attacks? If we’d seen this intrusion earlier, might we have understood the attacker’s next moves? How did your team establish robust attribution in this case, and how they do it in general? How sure are we, really?  Could you share how this came about and maybe some of the highlights in our relationship helping defend that country? Resources: Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology | Mandiant Andy Greenberg’s book Sandworm  EP155 Cyber, Geopolitics, AI, Cloud - All in One Book?