Cyber Threat Intelligence & AI Innovation | PhD | European Commission Marie Curie Research Fellow 2011-2014 | Personal Profile

Joined March 2012
Pinned Tweet
Dropping this today: ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware In collaboration with @JulianVoeg from @RecordedFuture 🧵A quick summary and a few thoughts on the use of RSW by APTs s1.ai/Chamel-b

Last week, a new initiative was launched under @NATO DEEP to develop a Reference Curriculum on Artificial Intelligence as a Tool for Military Power. Honored to work alongside a distinguished group of experts and help define how AI is addressed within military education!
Aleksandar Milenkoski retweeted
Over the past 5 months, SentinelLABS has embraced a remit of experimenting with frontier model capabilities towards meaningful security applications. We’ve been reporting on our findings openly as we complete them. We hope it’ll help others looking for ways to meaningfully impact cybersecurity.
It takes a human analyst an average of 41 minutes to process a single CTI report. An LLM typically does it in 3.3 minutes. Our latest @LabsSentinel evaluation shows LLM-driven pipelines can process threat intel 18x faster than manual workflows. But there’s a catch. ⚠️ 🧵
Aleksandar Milenkoski retweeted
Sentinel Labs researchers Aleksandar Milenkoski & Razvan Gabriel Cirstea explore the application of LLMs for extracting & contextualizing information from cyber threat intelligence (CTI) reports, turning narrative into structured data for downstream use. sentinelone.com/labs/from-na…
Just published: turning cyber threat intel narratives into knowledge graphs with LLMs. Razvan and I explore the application of LLMs for extracting and contextualizing information from CTI reports, turning narrative into structured data for downstream use. [1/2]
Aleksandar Milenkoski retweeted
16 Oct 2025
Some additional details emerge about the F5 breach: the hackers were in the company's network for at least 12 months, according to people familiar with the investigation. F5 sent customers on Wednesday a threat hunting guide for Brickstorm, which is leveraged by the UNC5221 Chinese APT group. BTW, 12 months is just a bit short of the 393 days that is the average dwell time for UNC5221. Story by Patrick Howell O'Neill and colleagues: bloomberg.com/news/articles/…
Aleksandar Milenkoski retweeted
15 Oct 2025
1/ A pro-Hamas persona is making noise from recent airport “hacks”, including broadcast system defacements in 🇨🇦 Kelowna & 🇺🇸 Harrisburg. But digging deeper, their actions remain low-impact and opportunistic. Let's take a deeper look..🧵
Aleksandar Milenkoski retweeted
17 Sep 2025
It’s finally here.. @labscon_io welcome reception kicks off TONIGHT! Opening with a live Three Buddy Problem show, setting the tone for an incredible week of brilliant minds coming together. Watch #LABScon25 for event updates and highlights. 💜 See you in the desert 🧵..
🚀@labscon_io kicks off tomorrow! I am excited to be presenting on the APT group CamoFei, a joint research project with @JulianVoeg (@RecordedFuture), @AzakaSekai_ (@TeamT5_Official), and myself (@LabsSentinel, @SentinelOne). [1/3]
I’m also delighted to be hosting a workshop with @Joseliyo_Jstnk (@Google, @virustotal) on "Advanced Threat Hunting: Automating Large-Scale Operations with LLMs." [2/3]
The @labscon_io agenda is packed with incredible talks and speakers. Check it out! [3/3] s1.ai/agenda25

Aleksandar Milenkoski retweeted
When Public Information Censorship Meets Private Enterprise: @LabsSentinel analyzed a data leak that revealed to them the complex ecosystem between the Chinese Communist Party (CCP) and the country’s private cybersecurity sector. The data leak from Chinese cybersecurity firm, Topsec, indicates that private cybersecurity firms are likely being used for content moderation in an effort to monitor and control public opinion. Read the full report from @LabsSentinel’s @spiderspiders_, @milenkowski, and @DakotaInDC: s1.ai/topsec
Presenting at @HagueTIX with @JulianVoeg was an amazing experience! So many insightful talks! Huge thanks to the organizing team (@monica_kello, Corianne Oosterbaan, and the PC) for having me. Already looking forward to next year, wouldn’t miss it!
Aleksandar Milenkoski retweeted
10 Jun 2025
Think Deeper. One line of this @SentinelOne blog (🙏 @TomHegel and @milenkowski) stood out to me. 💭"Encrypts and password-protects the archive using 7-Zip with the password @WsxCFt6&UJMmko0, ensuring the data is obfuscated from inspection." Pretty strong password at first blush. Let's see if @Copilot can figure out why the threat actor may have chosen it.
We just released our findings on long-term activity clusters attributed to China-nexus actors. We discuss a relatively underreported, yet critical, aspect of the threat landscape: the targeting of cybersecurity vendors. Big shout out to @BlackLotusLabs for their support! [1/2]