Greg Lesnewich
Threat Intelligence Analyst
Recorded Future

Why Nominated: With a focus on state-sponsored espionage campaigns and Middle Eastern- borne cyber threats, as a Threat Intelligence Analyst at Recorded Future, Greg Lesnewich provides detailed threat actor and malware profiles to some of the world’s most influential organizations.

Profile:  An expert in threat actor infrastructure, Lesnewich has more recently trained his focus on investigating the ways in which internet access control is proliferating across the globe. He has put considerable effort into raising awareness of this growing trend amongst the cybersecurity community, government organizations and the public.

He has developed extensive experience in state- sponsored espionage campaigns and Middle Eastern- born activity. In his current role at Recorded Future, Lesnewich monitors threat activity, both via infrastructure and malware, for customer reporting; develops detections for malicious traffic patterns and malware behavior for customer protection; generates technical sources for customer consumption and internal hunting leads; helps lead efforts for incident- based RFI’s, including phishing campaigns, nation-state activity, and malware; and helps lead rapid response analysis for evolving cyberevents and news to help customers understand threats.

In 2018, Lesnewich also co-authored nationally covered research about attacks on a major telecommunications and IT provider that was targeted by an unknown threat actor as part of an operation directed at disrupting the Olympic Games in PyeongChang. Recorded Future identified hardcoded credentials for the IT provider embedded in the Olympic Destroyer malware used in this campaign. Before joining Recorded Future, Lesnewich began his journey in threat intelligence while working at the National Cyber- Forensics and Training Alliance (NCFTA) from 2014 to 2015.

 What colleagues say: “Upon arrival, Lesnewich quickly distinguished himself as a threat intelligence researcher. It was evident that he could not only provide relevant reporting on emerging threats but also begin to pave the way in methodology centered around researching emerging threats. Initially doing customer requested research, Lesnewich transitioned into a role where he was free to focus on technical research relating to both threat actors and their related TTPs and build out Recorded Future’s operational threat actor tracking functions. Lesnewich continues to track threat actor infrastructure, with a focus on state- sponsored espionage campaigns and Middle Eastern- born activity.

Greg is at the leading edge of threat intelligence research with a focus on intelligence that is actionable and useable by Recorded Future’s customer base. His research provides intelligence on the techniques threatactors use that go directly to protecting and detecting incidents across the globe. His capabilities and openness to share put Greg in the front- line of how corporations protect themselves.” – – Gavin Reid, CSA and head of threat research for Recorded Future

Teri Robinson