Ep. 13 - Proactive Security vs. Dragonfly: Using BAS, AEV & CART to Outpace Adversaries

03/09/2025 9 min Episode 13

Episode Synopsis

In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley dive into the FBI’s recent PSA 25820 alert on Dragonfly (a.k.a. Energetic Bear, Static Tundra) — one of the most persistent, state-sponsored Russian cyber espionage groups targeting critical infrastructure and industrial control systems (ICS).
We break down Dragonfly’s latest tactics, including:

- Exploiting unpatched vulnerabilities in legacy systems
- Deploying custom malware (SinfulNOC) for long-term persistence
- Conducting reconnaissance inside victim networks

Most importantly, we explore how Breach and Attack Simulation (BAS), Adversary Exposure Validation (AEV), and Continuous Red Teaming (CART) can help organizations defend against Dragonfly’s TTPs (tactics, techniques, and procedures) and proactively test defenses against real-world threats.
Whether you’re a CISO, SOC analyst, or security engineer, this episode offers practical, intelligence-led insights to strengthen your cyber resilience strategy.
 

More episodes of the podcast The Cyber Resilience Brief: A SafeBreach Podcast