Daniel Gordon

Daniel Gordon has over a decade of experience hunting, researching, tracking, and disrupting North Korean hacking groups. While Daniel got his start doing IT, he worked as a cyber threat intelligence analyst for Lockheed Martin CIRT as well as the Department of Defense Cyber Crime Center (DC3).

Daniel has a bachelor's in Political Science and Master's in Modeling & Simulation and has CISSP, CEH, GCIA, GCFA, GCTI, and CySA+ certifications. Daniel has published articles in DarkReading, War on the Rocks, and Risky.biz on information security topics.

‍

Talk: Let Them Cook? What A New North Korean Group Means for the DPRK Threat Landscape [TLP:AMBER]

Late 2025 and early 2026 has witnessed the emergence of a new North Korean group that I am naming Trainwreck Choson. The group has been misattributed by various CTI teams to at least four different existing threat groups. This talk will discuss theories, backed by evidence, as to why the actor's activity has been confused with existing threat actors. The talk will also reflect on what personnel changes led to the emergence of this group, as well as several other new North Korean hacking groups and what this all means for the overall North Korean cyber threat landscape.

‍