Threat Talks - Your Gateway to Cybersecurity Insights

Hacktivists don’t need zero-days to hurt you—they weaponize people. Host Lieuwe Jan Koning sits down with Yuri Wit (SOC analyst) and Rob Maas (Field CTO) to dissect APT Handala: how they hunt targets, deliver wipers, and brag about leaks. We map their moves to the Lockheed Martin Kill Chain and turn it into a Zero Trust defense playbook you can actually use—today.


Key Topics Covered
•  Handala’s playbook: people-centric recon, phishing kits, wipers, boast-and-leak ops.
•  Zero Trust counters: deny-by-default egress, newly-registered-domain blocks, hard EDR, passkeys.
•  SOC tells: DNS DGA spikes, encrypted C2 on common apps, “human error” as the biggest CVE.
•  Comms reality: when openness helps—and when strategic silence limits amplification.

Additional Resources
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• Lockheed Martin Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
• Tor Project (onion services): https://www.torproject.org/
• Threat Talks hub: https://threat-talks.com/


🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

What is Threat Talks - Your Gateway to Cybersecurity Insights?

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats.

We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to everyday internet users, by providing in-depth and first-hand experiences from leading cybersecurity professionals.

Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

What should you do if a
hacktivist is on your tail?

Welcome to Threat Talks.

My name is Lieuwe Jan Koning,
and here, from headquarters at ON2IT

we bring you Threat Talks.

And the subject of today is APT Handala.

Let's get onto it. Welcome to Threat Talks.

Let's delve deep into the dynamic world
of cybersecurity.

I'm joined here today by my two dear colleagues.

First of all, Yuri Wit.

He's a SOC analyst.

Welcome.

That means that he looks a lot at
anything that happens in the world.

And so he knows a thing or two
about how hacktivists work.

So we're going to learn from you today.

And on the other side,
a familiar face to all of us

also, it’s Rob Maas. He's the field
CTO of ON2IT and everything

he learns from what we see, he has to adjust
the strategy of our customers to make sure

that these things do not do
any harm to those organizations.

Welcome, Rob. Thank you.

Gentlemen, hacktivism.

We talked a lot about
different types of hackers.

It's about time that we talk
about this specific group. Most of it,

we talk about cyber criminals

that do ransomware, for example,
for financial gain, nation state actors.

We love to talk about them, because they
have the coolest tech, more or less, right?

But, hacktivism is also a real thing.

So, let's explore a little bit.

Yuri, could you explain what
motivates a, what is a hacktivist?

Well, a hacktivist is similar in a sense
to a nation state where they are

definitely politically motivated.

But instead of a nation state being
directly backed by a nation, they're not.

They're just on their own initiative.

Doing their thing,
trying to get their word out.

Their message out. So everybody with
an opinion can try to become a hacktivist?

Yeah. Okay.

And this particular, I mentioned
the APT Handala group, right?

What's their cause?

Their cause is a very, very strong
pro-Palestinian movement.

Anti-Israeli movement.

So they have been especially active during
the recent surge in the conflict there.

Yeah.

They're motivated purely with a sense of
disrupting anything and everything Israeli.

Do we have any notable examples, Rob?

Yeah.

I think they had a big, bold claim that
they took down parts of the Iron Dome.

So I think if that's...

I'm not sure if it is verified or not,
but at least they have claimed it.

I think that's a pretty massive thing
that they have done then.

Yeah.

Okay. So, let's explore how this group works.

And we thought we’d use
the Lockheed Martin

kill chain model or philosophy
to explain all this.

It's seven steps that every hacker needs
to go through to end up at the last step.

The last step is act on objectives.

Now, we just heard about the objective,
disrupt, right, here or hinder the Israeli forces.

That's the objective here.

But there are, in total seven
steps to get there, and, well,

let's explore them one by one.
And then also, we'll ask you,

what this group does,
to achieve this step,

and then we get to Rob, because
he has to solve this, right?

Yeah, yeah.

Let's try to make it hard for him. Okay.

So the first one is, reconnaissance, right?

What is the goal of reconnaissance?

Why do we have this step first?
Why does a hacker do this?

Well, reconnaissance in a general sense,
is just to define the target.

It's the preliminary step to figure
out the scope of the attack,

where they can attack, how they
can attack, who they’re going to attack.

Now, for something
like a nation state APT,

this reconnaissance would primarily
be focused around identifying the targets

infrastructure and entry points and
stuff like that. IP addresses, that stuff.

Exactly.

Yeah.

But for a hacktivist group
like APT Handala,

their primary goal of reconnaissance
is to identify

their targets via social media or via
the internet, just in general,

not specifically on target networks,
but on target people.

So, yeah, identifying people
through stuff like LinkedIn,

is a major step, identifying spokespeople

for specific organizations
with a strong anti-Israeli

sense. And why? Because they want
to get into their systems or they

want to target them with emails
or shame them or what?

Mostly to target them with emails
and other phishing tactics.

It's not necessarily focused
on actually exploiting

infrastructure, but more
focused on exploiting people.

Rob, what are we going to do against this?

This is already a very hard one.

Because, you cannot do much about it.

So the main thing here is awareness,
that everything you put on the internet

can be found by anyone.

So also including this group.

But most people are on LinkedIn. Yeah.

So it would be nice if, as an example,
if you have a very specific

operating system or very specific system
that your people won't say, hey, I'm

engineer of system X,
on LinkedIn, for example.

Because then you're already giving
away: hey, so we run system X.

But yeah, it's really hard.

It's really a soft measure.

And I prefer always
that we can do things really

with systems and techniques.

So you prefer not to focus
your efforts on...

No, awareness is good to do.

But it's not where you win
these kinds of battles. Yeah.

Luckily, we have seven steps,
and we only have to catch them once.

Correct.

That's the benefit... So, the next
one is weaponization, Yuri.

What is that?

Weaponization is the stage
purely used to arm the bomb,

to get ready to actually exploit some flaw,
either human or physical. Or digital, sorry.

In this case, for the group, weaponization
is usually the creation of

specific crafted, malicious phishing
emails or SMSes or other messaging,

that either contain links
to malicious domains.

Either contain malicious files that
contain other payloads, maybe like a PDF,

that has some exploitation measures inside of them.

We commonly see with this group that they

craft their emails and their SMSes
in Hebrew, which again,

shows that they specifically target,
Israeli organizations.

So this step is completely done
in your own home, more or less.

Right?

You're writing your email, you're
setting up some infrastructure, etc.

So, I'm betting that Rob is not
going to help us here, right Rob?

This is the step where we
can do absolutely nothing.

Okay. It's completely offline for-
Delivery.

Yeah, that's the next step. Yeah.

What does that mean?

Well the delivery that's the...

Well, if the previous step
was arming the bomb,

then the delivery is literally
delivering the bomb.

In this case, it's those same emails
that they crafted beforehand.

It is just sending them out in bulk
towards all the lists of targets.

Now this can go via emails.

This can also go again via SMS.

Doesn't matter how it gets there,
as long as it gets to a person

who has the potential to open something
malicious and detonate it. Yeah, so this is

the first time your organization
actually sees something about...

that someone is trying
to talk to you. Before,

in the early stages, you will
probably not see it. Yes.

At least not with this, at this ...
No. Exactly. Yeah.

Are you going to be more happy yet?

Finally we can do something.

Still ... Tell us all about it.

So still awareness is a thing here.

But now we can also put some
real measures in place.

So, like anti-spam filters.

Also maybe blocking attachments,
if there are any attachments, scan

for the attachments, well,
sometimes that's in the anti-spam.

Also making sure that the URLs in the

email themselves are not
clickable, or that at least the

firewall, for example,
will block them.

So we have a lot of measures here
that we can hopefully prevent

the email from reaching the target

or at least preventing them from
opening any files that are in there.

Yeah.

Because it's probably very hard to make
sure that nobody ever clicks on the link.

That's impossible.

So in the end, so,
if it is a mass email,

then you might be able to filter out,
hey, this looks like very generic,

it might be spam.

But if it's more spear phishing, that's
more targeted to one organization

or even one person,

then it's becoming really hard
to see if the link is valid or not.

So in the end, people will click-
Yeah, user training

is the myth, that you need
to train your users.

Yeah, awareness is always good.

But I would say awareness is,
the best thing about awareness

is that people say, okay, I accidentally
clicked and I’m not afraid

to tell that in the company,
so that people can take action.

So awareness is a good thing to do,
but also foster a culture

where people are not afraid to say, hey,
I might accidentally click a link [ ]

Yeah, or I saw something. Isn’t it becoming
harder and harder, because now with AI and,

I mean, before, if you need
to write a Hebrew email,

then you would probably
learn the language, nowadays,

I mean, I can write it.

I speak no words in Hebrew,
but I can write it thanks to AI.

Right? Yeah.

And they also can be really,
really, simple. Like, really,

you don't have to have a lot of knowledge
to make a perfect phishing email.

Correct.

We did a workshop the other day.

We told people who have
no experience with,

hacking, or computers in general.

And we just gave them ChatGPT
and we made a phishing website.

It's so simple and it looked really genuine.

So, that means, so
awareness is good,

like I said, but it will
not solve the problem.

There needs to be technical measures ...

Yeah, there needs to be technical measures
that will block the newly registered domains.

The URLs will scan for things,
in the email. Would you say

it would be good that we say
you can click on any link... [ ]

Assume that every link will be
clicked, that you will receive.

And still you need to have the
protection to block the delivery.

Correct.

Human error will always be
the largest CVE.

Yeah.

Yeah. Yeah.

And we cannot rely on patching it, because...

No. Well, maybe we can replace humans
with the AIs. That's a few years out.

Let's save that for another
Threat Talks. Next season

we’ll explain how that went.
We or the AI?

Just replace all of us with an AI.

You assume I’m not AI.

Yeah. So, delivery.

We can do a lot in delivery then
that helps, but we cannot be sure...

That's in step three.

We still have four to go. Let's see.

So, the next one is exploitation.

Well following the same bomb... Analogy.
Analogy that I was using,

the bomb has been delivered,
it has reached the targets.

Now it's time to detonate it.
And that's the exploitation.

In this case, for this APT, it's usually
in the form of a URL being clicked,

credentials being put into a phishing site,

or the execution
of a malicious attachment.

Either a zip file containing just
a binary that is executed

with a payload, or a PDF with
malicious behavior built into it.

A credential phishing site,
I can imagine is fairly easy to make.

What would they do, this group?
This group, they do

phishing attacks where they literally
just try to phish for credentials.

Their primary focus, however, is to use
existing credential dumps from other hacks,

can be completely unrelated to the target
at hand, just for credential stuffing.

Once they know usernames, they can
just try brute forcing those usernames.

Until they get a hit and gain
entry into anything.

And from there, they continue. Yeah.

But then, this step, exploitation, generally
is a more difficult step for the attacker.

I mean, because you need
some kind of binary

then, once you have
the credentials, need

to install something
to elevate privileges.

That's also what you're talking
about. I think. Yeah. Well,

that's true in a sense, but mainly
for this APT, their goal

isn't to get, like, the highest privileges
in some of somebody’s network.

Their main goals are the disruption
of services and the exfiltration of data.

You don't really need
high privileges for that.

I mean, any employee of any company
has access to at least

some data, which they might already
find sufficient for their attack.

And as long as they can deploy
their wipers or deploy ransomware

or anything on a high value
target machine, then they're done.

They don't really need access to the entire-
Wiper is not this step yet, I think. No, no, no.

Well, no.
We’ll get to ...

So, the exploitation, Rob,
what can we do against this?

So because, he just managed
to have someone to

click on a link, and the delivery went on
because we weren't able to detect it.

So now there is an executable
on this machine.

So we have a few options here.

So first, so we failed to prevent
the link from being clicked,

whether it was awareness
or any URL filtering.

So the URL was clicked or
the binary was downloaded.

Or it may be directly delivered.

Then on the execution,
we can rely on EDR software.

So the endpoint detection and response that
might say, hey, this binary has never been run before.

Let's check if it is valid or not.

So strict policies can help there.

Even if the binary is seen as valid
then during the execution,

proper EDR software will say, hey,

this is really strange
what this process is doing.

I will kill it.

So that's on the binary side.

For the credential part:
implement multi-factor authentication.

So that credential phishing
is much, much harder.

And even if you have credentials
that you cannot easily use them.

[ ] Preferably a technique that doesn't

require you to type in stuff,
like passkeys or so.

Yeah, also I like the trend where we go

to passwordless authentication,
makes it also a bit harder,

although we still have the problem that
there is then one system, mainly email,

that if you have access to that...
[ ] as soon as possible anyway.

Yeah, that's a long debate.

So there's quite... Quite some
things you can do here.

Quite an important step to
put some measures in place

for attacks like this
and in general probably.

Yeah.

So the next step, Yuri, after
exploitation, is installation.

What's the difference?

The difference is, the exploitation is still
trying to get into the system, at installation

they are in, they're trying
to, or they're ready

to put their measures to
good use, to fulfill their attacks,

basically. To good use: in their view.
In their view, of course. Yeah.

We're getting to the final steps, before-
If you’re a SOC analyst at

ON2IT, you put yourself
really in the hacker's mind.

Yeah. You can see that.

Okay. Yeah.

So for, well, exploitation would be
the execution of malicious

payload or, the stuffing of credentials
into a login page somewhere.

The installation would be actual execution
of the payload doing something.

Such as? Such as a wiper malware,
where the goal is to just wipe

the entire machine clean
where it's run on...

So destroy information or make it
malfunction, so systems go down.

Yeah. Exactly. Wiper.

There is really only [one]
purpose to wiper malware

and that is the disruption of services.

You can't really do anything
else with wiper malware.

But, the installation of wiper
malware would be

to actually load it into memory
and have it go through the entire disk

space to remove everything that can be found.

And another part of their installations
that we have seen would be, not

necessarily the destruction of data,
but the exfiltration of data.

So they were able to successfully stuff
credentials into some page of their target.

And then during the installation,
they would start to retrieve all the

juicy information that they might want to
exfiltrate and potentially leak to the public.

Okay. What can we do against this?

What can we do against this, Rob?
Also a few steps.

So we, already discussed EDR
software, that will help here.

I can prevent the installation of
the binary into the system,

because most attacks want
to have persistence on the system.

So if the system is being rebooted,
they don't want to rely on

the user clicking the binary
again on the email,

but that it will automatically
start with the system.

So EDR software will help.
Also, hardening systems.

So a lot of tools will make use of existing
other tools on the system: living off the land,

it's called, to get that installation done
or getting things into the registry

or into automatic server startup.

So hardening the system,
make sure that the user

doesn't have these tools or at
least doesn't have the privileges

to run these tools, to make it much harder
to get successful installation.

And depending on the operating system,

this is either by default, impossible
already or really hard to do.

Yeah, that’s correct. Not naming any names.
Sometimes it takes some time to get it done.

Okay, so what is not clear to me yet,
you say it's also the exfiltration

part could be here as well. Don't we
need a next step for this?

No. Not the exfiltration,
the gathering of the data

they might want to exfiltrate.
Yeah. Okay.

The autonomous part of it,
without any... Yeah.

Because the next step is
command and control.

Yeah. What's command and control?

Well, command and control in a general
sense is to control and command

whatever you might have attacked
or gotten access to within a target system.

In this case, command and control
for this group is much more plain.

It isn't necessarily to send
commands to certain systems.

It might be. We have seen that the
Handala wiper, which they've used

before does have a C2 component,
but it's very limited.

The main part of C2 for this group would be
the exfiltration of the actual data.

And the- I can also imagine that you first
want to focus on spreading your malware

more, than in one big bomb, wipe
everything out at the same time.

And for that you would need, well,

you could probably set a timer, say at
midnight or so, on a certain date.

But it's much more convenient that
you can, if you can send a message.

Yeah.

How do these things
get implemented?

The well, the group has
a very strong presence

on channels like Telegram or,
sorry, apps like Telegram,

where they spread their message,
their malicious links.

And they use that as an attack vector
for their targets as well.

Yeah.

So it could be that the malware
that's installed up until now,

also connects to a Telegram channel,

and that's their form of command
and control. Yeah.

That would be yeah,
that would be consistent-

Is it always malware
that's phoning home?

Command and control?
Mostly. Yes.

At least for this group. Yes.

You also have the other way around,
passive backdoors.

But we don't really see
this group doing that.

It requires a much more
sophisticated level of attacks.

In this case it's usually just phoning home.

So the malware, once we get to the stage,

you could see some traffic
going out to some...

Because this sounds a bit
like a weak point.

Yeah, right.
You'd better make it autonomous.

Like we have Stuxnet
that we have seen that one

that was on the other side
of this conflict. I think. Yeah.

So Rob, this guy wants to
command and control.

What can we do against that? So,
we can put network filters in place.

So DNS is often used, so DNS filtering
is very workable to do here.

Also- About that, you mean
if the malware requests

a certain hostname, and
it will get an IP address back

of course, that's how DNS works.
And the IP address is the codification...

No, sometimes...
Yeah, the DNS requests itself.

So it's going to a hostname that's owned
by the attacker in most cases.

And then they can prepend the
sub domain in front of a domain

that will also end up with the attacker.

And then you can there,
for example, leak information.

That’s one way of doing it.

The other way is using Telegram,
X, previously known as Twitter-

I thought this group was
banned from X at some point.

Yeah.

They were.
They were, they are, they were.

Oh really. Yeah. But blocking,
so let's start with servers.

Servers should not have any access
to external systems whatsoever

unless very specific and
very much required.

Yeah. The Telegram connection
shouldn't be possible.

No. Why would you allow a server...
Exactly.

So that's the easy part.

The hard part here is often
the user systems.

You say the easy part,

let me pause you there for a moment, because
is this common practice with organizations?

No, unfortunately it is not.
But it is easy to do.

Yes, it's low hanging fruit
to defend yourself.

Yes, I would say it's low hanging fruit.

You can easily figure out
what a system needs-

And very effective.
And very effective. Yeah.

Even if malware is installed, you can
prevent it from becoming active,

if there is no command
or control system, in most cases.

But on user systems this is quite
hard, because we're now in

a time where we allow people
to go to the internet freely

most of times and we put
some URL filtering in place.

But I think if you test it out
that most users can just

go to Telegram or WhatsApp or x.com.

And that can also be
used by these malware.

Yeah.

The trick is to use a very
commonly used ecosystem.

Yeah.

And play into that are you blend in
with the regular traffic. Yeah.

And then detecting
if there's anything sent

that looks like command and
control traffic is really hard,

but it's even much harder because, not
everyone has implemented decryption.

I would even say, just a small part
of organizations have decryption.

So if it is encrypted,
then, you're more or less lost

in protecting yourself from command
and control traffic coming

in, and then you solely
rely on your EDR system.

You also mentioned DNS.

I mean, if exfiltration, or
the command and

control is through DNS,
every server has DNS enabled.

Yeah.

Kind of. Otherwise nothing would
work, right? So how do we...

Yeah. So there are a few options here.

DNS security that, for example,
can filter out the domain

generation algorithm, DGA,
that’s often used, so then

the malware will generate a lot of
domain names, and only a few are valid.

And you can figure that out- Where is this
implemented? In the DNS server itself

or is it in the firewall?
Mostly in firewalls.

Sometimes you have external software
for it, but mostly in the firewalls.

And that can, for example, detect,
hey, this host name is, or this

domain name is getting
a lot of sub domains.

So this looks like a domain generation
algorithm that's being used.

So that's one way of detecting it.

Another one very simple is,
check for newly registered domains.

So, quite- Don't resolve them.
Don't resolve them.

Most of the times they are only
short lived, there for a few days,

and then they're already detected
because the threat intel

is being shared and then the
attacker moves on to the next one.

So that's very effective.

But sometimes, some attackers that plan more
in advance, will have a few domain names ready

that are already registered for
at least more than 30 days.

Clear.

Last step is: act on objectives.

Is the final step where we
can’t do anything anymore?

Or, how does that work?

Well, if the attackers get to this step,
you're kind of lost already.

This is the step where they do actually,
achieve their exfiltration of data.

They achieve the wiping
of a target’s system.

When you get to this point, there's
not a lot that Rob would be able to do.

At this point, the target machine
is wiped, the data is

exfiltrated, and they'll be getting
ready to share their success

on their social media platforms.

So what does APT Handala do in this step?

APT Handala, well, they like
to boast about their attacks.

They have their own website,
accessible either via an onion link,

but they also just have a regular domain,
where they- An onion link is? Onion link is

a URL. It's like a domain name.

But it's only usable over
the dark web.

So you need a Tor browser
to travel to an onion link,

because it will be proxied through
a lot of different servers.

I don't think there's a single APT worth its salt,
that doesn't have its own domain on an onion link.

Unless they specifically don't-

But their goal is to spread the word,
so you can make your

news only available in the dark
web for the other hackers,

but that's not their goals, so therefore
they also have a regular site.

They have a regular site.
They have a Telegram channel.

They have very known accounts on a lot
of major forums online, like BreachForums.

They have a Twitter account, or X account.

They have many different ways
of spreading their message,

of boasting for their attacks
of saying, hey, we did this.

And that includes also the leaking of
data that they might have exfiltrated,

whereas another APT or ransomware gang
might exfiltrate data just as like, a backup

for if the customer doesn't
want to pay the ransom.

APT Handala exfiltrates their data
with the primary function

of leaking that data,
sensitive information about,

user accounts on specific websites,

sensitive information, technical
specifications for the military.

And this is probably where hacktivists
are different from all the other groups.

Because, so far we've heard
a lot of, defense that we can apply.

We should apply anyway.

And, it's effective for
multiple types of attackers.

But this is a different thing. Yeah.

Is there anything in particular
we can do against this?

For example, if you are likely on
the receiving end of a group like this

and we talk now about Israel,
it could also be oil companies

or governments and all that ...
Is there anything

in communication, for example,
what's a good way to respond to this?

If you are a victim?

It depends a bit, I think. In general,
I think, if you become a victim,

it's good to be open about it.

Of course you can, have a discussion
on what details do we bring out,

but just to open up and tell what's
going on and also how you’ll approach

the solving of the problem.
I think that's good to do.

I believe I've seen it in the past.

It's always appreciated
by a lot of people. Hey.

Okay. We know now what's going on,
why the phone is not picked up or whatever.

We can also mention in this case,
if the Israeli forces will rather not say

yes, they hacked us.

No, that's, I think that's quite sensitive
for those- [ ] to downplay it.

They must have some kind of playbook.

What is the playbook of
the Israelis against this?

Mostly deny. Pretty much every
attack against direct Israeli

organizations, either the military
or critical infrastructure for

Israel has been deny, there was
a breach for the Israeli police.

Handala has leaked data about it.

The internet pretty much agrees
that the attack actually happened.

Israel does not agree.

They deny, deny. No confirmed
sources for journalists and everything.

So and that's why we say
allegedly they did this.

Exactly.

But it very much looks like it.
Quacks like a duck, right?

Yeah.

Okay. So, downplaying this for,

we always advocate be open about everything,
but maybe this is the best strategy

if you're in a political fight then.
Yeah.

The difference between a group like
Handala and other APTs is that,

a nation state APT might target a lot of different
organizations from a lot of different nations.

In that case, be open about it,
because all the mistakes that you made,

people can learn from.

But in this case, since pretty much
the only target is Israel and Israeli

backed organizations, there is no
benefit to sharing that data.

If you’re attacked-
They probably do that internally in their

cyber security center.
Of course. Yeah.

But they wouldn't state it online
saying, hey, we got breached again.

Hey, and what if you are indeed in the oil
industry and there's some environmental

organization that attacks you,
is that the same,

is the best playbook for them
to defend, also to deny

and to say it's not really an attack
or it wasn't that sophisticated,

small portion of the network, whatever.

I think it also depends on
the actual impact it will have.

If a lot of people are impacted,
then you should do something,

whether as a government or
as a company, to address this.

So you need some kind of openness,
how far you will go;

that’s still a debate, I think.

But you need to inform people that
this is the reason why you cannot

get water or electricity
or whatever is being hacked.

What I hear from
you both is always be open

about as much as possible,
unless you have a really good reason.

Yeah. Well, with that, let's conclude
this episode of Threat Talks.

Gentlemen, thank you very much.

For giving us an insight into the
interesting world of hacktivists.

And I'm happy that we have so many things
that we can do against it, to prevent those things.

So I thank you both.

And for our listeners,
thank you very much for tuning in.

I hope you enjoyed today.

Well, if you did, don't forget to like us
because we would like that.

And while you're in that area
of your podcast app,

also press the subscribe button,
because that means that next week

you have yet another episode of Threat Talks.

And here from the headquarters at ON2IT,

I thank you once again
and hope to see you next time.

Bye bye!

Thank you for listening to Threat Talks,
a podcast by ON2IT cybersecurity and AMS-IX.

Did you like what you heard?
Do you want to learn more?

Follow Threat Talks to stay up to date
on the topic of cybersecurity.