OPSEC Failures: How Threat Actor Mistakes Help Defenders by Lucie Cardiet

ID: 501a4f93-e92e-5c06-b065-5d3023e61a9d

STIX ID: report--501a4f93-e92e-5c06-b065-5d3023e61a9d

Feed Name: Vectra AI Blog

Threat Score: 80/100

Date Published: 2026-01-09

Date Updated: 2026-05-01


This report synthesizes three December 2025 case studies of OPSEC failures: Devman’s rushed RaaS rollout exposed management systems and reused tooling; SLSH publicly claimed a breach of a honeypot containing synthetic data, undermining their credibility; and a North Korean developer machine infected with LummaC2 leaked credentials and tooling linked to the $1.4B Bybit theft. The cases show that poor isolation, credential reuse, and overreliance on automation create observable signals defenders can exploit.
