Jiro Minier

Lead, Threat Intelligence Research & Analysis at Deutsche Cyber-Sicherheitsorganisation (DCSO)

Jiro Minier

Jiro Minier leads the Threat Intelligence Research & Analysis team at the Deutsche Cyber-Sicherheitsorganisation (DCSO), specialising in cyberespionage and cybersecurity issues in the East Asia region.

He is actively involved in the cybersecurity and technology policy debate, including as a prior European Cybersecurity Fellow with the European Cyber Conflict Research Initiative, a prior Practice Fellow at the Centre for International Security at the Hertie School, a contributing writer to the Dahrendorf Forum’s European Security 2030 foresight project, and a Junior Ambassador to the 56th Munich Security Conference.

Prior to joining DCSO, he was employed as a staffer to the then-Chairman of the Committee on Foreign Affairs of the House of Representatives of Japan. He holds a BSc in International Relations from the London School of Economics and Political Science and an MPhil in International Relations and Politics from the University of Cambridge.

Talk: Disruption with Chinese Characteristics: The Past, Present, and Possible Futures of China-Nexus (Quasi-)Ransomware Activity

Recent years have seen a series of disparate ransomware or ransomware-like incidents attributed with varying degrees of confidence to China-nexus actors, impacting an equally geographically and sectorally disparate range of victims.

The picture is further muddied by the suspected mixed espionage and financial motives believed to have driven other campaigns conducted by activity clusters such as APT41, complicating any attempts to identify any clear motives driving activity in this category.

This talk will seek to provide a comprehensive overview of what is currently publicly known concerning activity involving ransomware or ransomware-like tooling with attribution linkages to China-nexus actors. As part of this overview, insights from a relevant suspected China-linked incident that we observed directly will be highlighted in a case study.

The talk will then seek to place this activity in context, considering how ransomware or quasi-ransomware activity might fit into what is known regarding the suspected taskings and other motivating factors driving activity conducted by the implicated actors and activity clusters.

Finally, the talk will attempt to consider the possible future trajectories of such activity, considering the role that ransomware and ransomware-like activity may play in the coming years in light of the geopolitical and geoeconomic challenges faced by China.