State-sponsored actors, better known as the friends you don’t want
ID: d3f408ec-824b-53fd-93ce-c4a157a42513
STIX ID: report--d3f408ec-824b-53fd-93ce-c4a157a42513
Feed Name: Cisco Talos
This report outlines how state-sponsored actors and APTs operate covertly inside organizational trust boundaries, using legitimate credentials and native tools to achieve long dwell times. It prescribes prioritized readiness and response measures: increase visibility (command-line and PowerShell logging, Sysmon, centralized logs, NetFlow/DNS monitoring), prioritize identity controls (MFA, tiered admin, credential monitoring), prepare OT/ICS and supply-chain defenses (hardware-enforced segmentation, SBOMs, vendor access inventories), enforce OPSEC during investigations, and adopt tailored IR playbooks and sustained threat hunting.
