Senior Threat Researcher at SentinelLABS (SentinelOne)
Aleksandar Milenkoski is a Senior Threat Researcher at SentinelLabs. With expertise in malware research and a focus on targeted attacks, he brings a blend of practical and deep insights to the forefront of cyber threat intelligence. Aleksandar has a PhD in system security and is the author of numerous reports on cyberespionage and high-impact cybercriminal operations, conference talks, and peer-reviewed research papers. From 2011 to 2014, he was a European Commission Marie Skłodowska-Curie Research Fellow. His research has won awards from SPEC, the Bavarian Foundation for Science, and the University of Würzburg.
Ransomware is no longer just a tool for financial extortion. Nation-states now use this destructive malware for disruption, misattribution, and evidence removal. In this talk, we explore how state-linked threat actors associated with some of the most prominent players in the cyber threat landscape — Russia, North Korea, China, and Iran — are using ransomware not only for financial gain but to advance their strategic goals.
This talk takes a comparative look at the key differences and similarities in how these threat groups use ransomware. We examine their operational methods and objectives, considering how each country's geopolitical context shapes their approach. We provide both historical and current perspectives, including past cases and previously undisclosed details on recent cyber operations.
We also explore the growing involvement of state-linked actors in ransomware-as-a-service (RaaS) operations, leveraging cybercriminal networks to increase operational efficiency and maintain plausible deniability. Finally, we discuss the future of ransomware in state-sponsored operations, examining how and to what end states are likely to continue using this tactic, implications for defenders, and challenges in countering this threat.