Zawadi Done

Zawadi Done is an Incident Responder at Hunt & Hackett. He hasworked in the Cyber Security industry for six years in various roles as cybersecurity consultant, DevOps engineer and developer. Zawadi uses theseexperiences to build innovative incident response solutions and to inspire theincident response community to learn from developers.

‍

Talk: Sea Turtle & Lazarus operations in the Netherlands [TLP:RESTRICTED]

In today’s rapidly evolving threat landscape, advanced persistent threat (APT) groups have become more sophisticated, better resourced, and increasingly systematic in their operations. These adversaries carefully select their targets, conduct thorough reconnaissance, and employ stealthy tactics that often bypass technology-driven security measures. At the same time, the growing frequency and scale of security incidents present significant challenges for incident response, threat intelligence, and SOC teams.

This presentation explores how actionable threat intelligence — combining tactics, techniques, and procedures (TTPs) with indicators of compromise (IOCs) — can be more effectively shared and applied during incident response, threat reporting, and proactive threat hunting. Drawing on firsthand experience with two nation-state actors observed operating in the Netherlands — Sea Turtle and Lazarus — we share insights into their high-profile cyber operations. This talk highlights how strategic threat intelligence supported our incident response efforts and enhanced detection capabilities while actively hunting these APT adversaries during two separate IR cases.