The Strategy Toolkit

Cybersecurity judo, Nvidia chip procurement, and fishy antibody strategies

Your new Strategy Toolkit newsletter (June 23, 2025)

George Barnett
Jun 23, 2025

(1) When a threat is an opportunity…

The world of martial arts is full of examples (judo, aikido, ju-jitsu) in which one combatant uses the strength or momentum of the other to advantage. This is particularly compelling in situations where one person is much larger than the other. Two recent articles in cybersecurity draw upon this strategy of responding to an attacker by turning the means of attack into a powerful tool.

In the first, the baddies do it:

“Threat intelligence analysts at Sysdig recently wrote about a threat group called UNC5174, a state-sponsored Chinese operation that runs espionage campaigns against governments, tech companies, research institutions and think tanks in the United States, Canada, and the U.K., as well as nongovernmental agencies in the Asia-Pacific region…

“However, UNC5174 recently began adding open source tools to its bag of tricks, such as using Supershell as a reverse shell last year. In their report, Sysdig researchers noted that the threat actor is using another open source tool, VShell, in an ongoing campaign that started in late January. They were using it in conjunction with SnowLight and WebSockets and hiding it by wrapping it in other malware to make it more difficult to detect, they wrote.

“UNC5174 is an example of a larger trend of state-sponsored and other advanced cybercriminal gangs turning to open source solutions in their arsenals, often weaponizing legitimate offensive cybersecurity offerings to reduce the cost of their operations and to better blend in with “script kiddies” — less-sophisticated bad actors — which gives them a better chance to go undetected by threat hunters.”*

* Burt, J., “Linux Security Software Turned Against Users,” The New Stack (May 1 2025); https://thenewstack.io/linux-security-software-turned-against-users/

In the second, the goodies do it:

“Cyberattacks can snare workflows, put vulnerable client information at risk, and cost corporations and governments millions of dollars. A botnet—a network infected by malware—can be particularly catastrophic. A new Georgia Tech tool automates the malware removal process, saving engineers hours of work and companies money.

“The tool, ECHO, turns malware against itself by exploiting its built-in update mechanisms and preventing botnets from rebuilding. ECHO is 75% effective at removing botnets. Removing malware used to take days or weeks to fix, but can now be resolved in a few minutes. Once a security team realizes their system is compromised, they can now deploy ECHO, which works fast enough to prevent the botnet from taking down an entire network.”**

** Malone, T., “Spy vs. spy: A new automated removal tool can stop most remote-controlled malware,” TechXplore (April 25 2025); https://techxplore.com/news/2025-04-spy-automated-tool-remote-malware.html

© 2025 George Barnett