A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Russia/Ukraine Update - August 2023 Breadcrumb Home Insights Blog Russia/Ukraine Update - August 2023 August 25, 2023 The Russia/Ukraine war has been active for roughly 18 months, characterized by both physical and cyber warfare. Ukraine has continued its defensive strategies, while cybercriminal groups in support of each country have launched information-stealing and DDoS attacks. Russia is also dealing with internal struggles, including issues with the Wagner Group – a paramilitary organization and ally of Russian President Vladimir Putin. Optiv’s Global Threat Intelligence Center (gTIC) has provided periodic updates on Russian and Ukrainian actions, as well as estimated cyber-related implications, in advisories and blog posts on February 4, February 22, February 24, June 30, August 25, September 29, October 31, November 29, December 20, March 02, 2023 and May 30, 2023. This update will provide information on the events of the previous 90 days and what we can expect looking forward. Russia Over the course of the previous 18 months, Russia-based threat actors have deployed wiper attacks, ransomware attacks and information-stealing attacks. Active groups over the previous 90 days include Shuckworm, Cadet Blizzard, Midnight Blizzard and NoName057(16). In June 2023, security researchers with Microsoft linked a threat group, Cadet Blizzard (aka DEV-0586, UAC-0056) to Russia’s Main Directorate of the General Staff of the Armed Forces (GRU). Microsoft’s researchers have linked Cadet Blizzard to multiple cyberattacks, including the deployment of the WhisperGate wiper malware against Ukrainian organizations. The group is believed to have been active since at least 2020 and is a separate operation from other GRU-linked threat groups, including Forest Blizzard (aka Strontium, Fancy Bear, APT28) and Seashell Blizzard (aka Iridium, Sandworm). Cadet Blizzard has launched attacks against Ukraine, Eastern Europe, Central Asia and Latin America. Verticals targeted include technology and government, as well as institutions and organizations. Cadet Blizzard has previously gained initial access via vulnerabilities, such as the Confluence vulnerability, CVE-2021-20684 (CVSS 9.8), and Exchange vulnerabilities like CVE-2022-41040 (CVSS 8.8) and the ProxyShell flaws – CVE-2021-34473 (CVSS 9.8), CVE-2021-34523 (CVSS 9.8) and CVE-2021-31207 (CVSS 7.2). The group has employed the following tools and malware over the previous 18 months for persistence and lateral movement: P0wnyShell – A basic, single-file PHP shell that can be used to execute commands. PAS – A publicly available multifunctional PHP web shell that provides remote access and execution on target web servers. reGeorg – A tool that uses web shells to create a SOCKS proxy for intranet penetration. Impacket – An open-source collection of modules written in Python for programmatically constructing and manipulating network protocols. Cadet Blizzard uses living-off-the-land (LOL or LOTL) techniques as much as possible, and they leverage tools like procdump Sysinternals to dump Local Security Authority Subsystem Service (LSASS) credentials. CERT-UA reported Cadet Blizzard for February 2023 attacks against government entities in an attempt to steal sensitive data. Cadet Blizzard has been observed conducting attacks and then going quiet for some time before returning with another attack. It is likely that the threat actors are using this time to improve their TTPs to gain persistence, evade detection, elevate privileges and move laterally. In June 2023, security researchers with Symantec reported that Shuckworm (aka Gamaredon, Primitive Bear, Trident Ursa) has continued to launch cyberattacks against Ukraine, with recent victims including military and government organizations. Shuckworm sent phishing emails to gain initial access. According to Symantec, the malicious attachments often contained lures related to “armed conflicts, criminal proceedings, combating crime and protection of children.” Shuckworm has used a custom backdoor, Ptedero, to maintain persistence and download additional code. The group was observed targeting machines containing file names that Symantec claims appeared to be “sensitive military information.” It is likely that Shuckworm is responsible for obtaining information that could be of strategic interest to the Russian government and support Russian military efforts. Also in June 2023, security researchers with Microsoft disclosed a spike in credential-stealing cyberattacks conducted by the Midnight Blizzard (aka Nobelium, Cozy Bear, The Dukes, APT29). The threat actors used “residential proxy services to obfuscate the source [IP address] of their attacks” and targeted verticals that included governments, technology companies, industrials and manufacturing. CERT-UA warned of cyberattacks attributed to Forest Blizzard (aka Fancy Bear, APT28, FROZENLAKE) that included a phishing campaign targeting government bodies in Ukraine. The phishing emails featured the subject line, “Windows Update,” and purportedly contained Ukranian-language instructions to run a PowerShell command under the pretext of performing security updates. When victims ran the script, this executed a next-stage PowerShell script that collected basic system information. In June 2023, security researchers with Sekoia reported that the pro-Russia hacktivist group, NoName057(16), had grown their DDoS attack toolkit, “DDoSia,” by more than 2,400%. NoName057 has been among the most prolific and active DDoS groups since the start of the Russian-Ukraine conflict. The group and their community have conducted DDoS attacks against European, Ukrainian and U.S. websites of government agencies, media companies and private companies. Image Figure 1: Message published on the NoName057(16) Telegram Group claiming responsibility for targeting a NATO subsidiary In July 2023, security researchers with Microsoft and CERT-UA warned of new attacks by the Russian APT group, Turla (aka Secret Blizzard, KRYPTON, UAC-0003), who has been observed targeting defense organizations with a new malware, DeliveryCheck (aka Capibar, GAMEDAY). The group conducted a phishing campaign with malicious Excel XLSM attachments. When a user enabled the malicious macros, this executed a PowerShell command—creating a scheduled task impersonating a Firefox browser updater. The task downloads the DeliveryCheck backdoor. The malware launches in memory, where it connects to the threat actor’s C2. The threat group was also observed dropping the Kazuar information-stealing backdoor that allows adversaries to launch JavaScript on the device and steal event log data, authentication tokens, cookies and credentials. Wagner Group The Wagner Group is a private military company founded by Yevgeny Prigozhin (aka “Putin’s Chef”). It became the Kremlin’s go-to group for operations he wanted to reject. The group has previously conducted actions on behalf of Russia, including in 2013 when Prigozhin ran the Internet Research Agency. This agency employed hundreds of people to participate in influence operations online, including in the U.S. leading up to the 2016 presidential election. In 2014, the Wagner Group battled the Ukrainian army in a revolt in Eastern Ukraine. In 2022, when Russia invaded Ukraine, the Wagner Group was called upon to fight on the ground against Ukrainian troops. On June 30, 2023, the Russian satellite telecommunications company, Dozor-Teleport CJSC, confirmed that they had suffered a data breach and that “infrastructure on the side of the cloud provider was compromised.” The unnamed hackers claimed to have targeted the company and defaced four Russian websites in support of the Wagner Group's actions. Image Figure 2: Screenshot from one of the defaced websites (Source: CyberScoop) The hackers leaked nearly 700 files related to the organization. While the attack was believed to be in support of the Wagner Group’s actions against Russia, there is an Even Chance that the attack was conducted in support of Ukraine. A conflict between Russia’s military and its biggest private military group would be an advantage for Ukrainian troops. At the time of writing, the motive behind the attack is speculation and Unlikely to be confirmed. Prigozhin recently took to social media to accuse Russian military leadership of providing the Wagner Group with insufficient weaponry and demonstrating incompetence and corruption. In June 2023, Prigozhin ordered the Wagner Group troops to advance on Moscow, calling for the resignation of top defense officials. Before reaching Moscow, Prigozhin ordered the troops to turn back and claimed that he did not want to harm Russian fighters. Putin stated in a press conference that Prigozhin would be charged for a coup attempt. However, an agreement was reached and Prigozhin was allegedly in negotiation to be exiled to Belarus. On August 23, 2023, multiple news outlets began reporting that a private Embraer jet carrying Yevgeny Prigozhin had crashed northwest of Moscow—killing all 10 people on board, including Prigozhin. The flight data indicates that the plane reached an altitude of about 28,000 feet before it stopped transmitting tracking details. While the specific reason for the crash is not known at the time of writing, and Russian authorities are reportedly investigating the crash, many witnesses reported that the plane appeared to be missing a wing and they heard “explosions” prior to the plane’s dive toward the ground. Russia has not commented publicly about the crash. While the cause remains not known, Russia has a known history of “getting back at” those who they feel have wronged them in some way. Despite the proposed negotiation to exile Prigozhin to Belarus, there is an Even Chance that the crash was not accidental and was intended to permanently prevent Prigozhin from regrouping or posing any threat to Russia’s government. Miscellaneous In May 2023, security researchers with Kaspersky reported that the APT group, CloudWizard, had targeted “diplomatic and research organizations” involved in the region of the Russian-Ukrainian conflict. The group has reportedly not ceased operations since the start of the Russia-Ukraine war. In August 2023, security researchers with SentinelLabs reported that the North Korean state-sponsored threat group, ScarCruft, was behind a hack of NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization. ScarCruft allegedly targeted the email server and IT systems and planted a Windows backdoor named OpenCarrot for remote access to the network. It is Likely that this attack was an attempt to advance North Korea’s missile development objectives. Ukraine The IT Army of Ukraine, which has nearly 10,000 volunteers, continues to be active against Russian organizations. While the group has been unable to target the Russian military specifically, due to their security and likelihood of being detected, the group has targeted several organizations and verticals that the Russian military relies on. The group operates and maintains a Telegram channel and an X (formerly known as Twitter) account and has proven adept at overwhelming the cyber defenses of Russian organizations, TV stations and government organizations. Image Figure 3: IT Army of Ukraine’s X (formerly Twitter) account Some of their victims have included the weather forecast that Russian military members relied on, the national rail company’s online ticketing service and payment system used to collect tolls, the websites used by alcohol production and distribution companies to register deliveries and the computerized licensing system used to approve meat and dairy products in Russia. The group also identified compromised cameras after the Ukrainian security agency, SBU, discovered that Russian hackers were using CCTV streams to spy on Ukrainian positions and to direct missiles. In an interview in The Times, a leader of the IT Army of Ukraine using the alias “Joe,” claimed that the hacking groups enjoy showing the petty concerns of ordinary Russians. For example, when a Russian gas station launched a promotional two-for-one offer on hot dogs and burgers for app users, the IT Army of Ukraine took the app down. The hackers have worked to consistently remind Russian citizens that they are at war. In June 2023, a Ukrainian hacking group, Cyber Anarchy Squad, announced on X (formerly known as Twitter) that they had successfully disrupted Russian banking services. The group claimed to have “blown up” InfoTel, a telecommunications company that supplied services to hundreds of companies—a quarter of which are banks. Security researcher Kevin Beaumont reported that the threat actors “remotely wiped the infrastructure” of the company. It took roughly two days for the company to restore BGP routing, with outages for organizations persisting as routers failed. Targeting the financial services vertical likely has a significant impact on the Russian economy. Image Figure 4: Cyber Anarchy Squad’s X account In July 2023, Ukrainian law enforcement successfully disrupted a bot farm where over 100 operators allegedly spread fake information related to the Russian invasion. As the investigation is ongoing, little information is available on the operation. Impact Ukraine has been relatively successful in defending against Russian cyberattacks, including preventing multiple wiper malware attacks on energy vertical organizations in 2022. Russia’s cyberattacks increased by 250% in 2022 against Ukraine and 300% against NATO countries. These attacks, while considered sophisticated in the first months of the war, have slowed and become less organized over time. With the technical assistance of Western allies, Ukraine has significantly boosted its continuous security monitoring capabilities, which has aided in detecting and preventing multiple cyberattacks from Russia. It is Likely that Ukraine will continue to improve its security posture over the next 12 months. There has historically been a high level of solidarity between Russia-linked threat groups, which has contributed to the groups’ perceived sophistication and capabilities. However, the disagreements over support for the war, the leaks and the splits over the previous 12 months have likely challenged that belief. It is Likely that more threat actors will target Russia-based organizations over the next 12 months to steal sensitive information and launch malware-based attacks. Rumors of Russia absolving Russian cybercriminals of their crimes have circulated, which would Likely supply Russia with more cybercriminals to support their cyber efforts. There is an Even Chance that threat actors will shift to more English-language forums and marketplaces over the next 12 months as the war continues. Outlook Despite reports that Russia-linked threat groups have not been as successful as expected, it is Likely that these groups will continue launching attacks against Ukraine and NATO countries over the next 12 months. This is Likely to include critical infrastructure verticals – energy, financial services, government, manufacturing and transportation – in destructive cyberattacks that include wiper and ransomware malware. There is an Even Chance that Russian President Putin will refocus efforts on cyberattacks as military actions face setbacks, including the loss of support from the Wagner Group, shifts in leadership and an ever-changing view of the countries’ strengths. China and India also have a history of state-sponsored and/or APT attacks which have indirectly aligned or maintained suspicious neutrality towards Russia. While China-linked threat groups have a proven history of targeting the U.S. and other Western countries in espionage campaigns, there is an Even Chance that these groups could target countries of strategic interest to Russia over the next 12 months. Threat actors are Likely to target known vulnerabilities, including older vulnerabilities of 2+ years, in widely used software and services to gain access to victim networks. This is Likely due to the success of compromise in employing the same techniques and utilizing minimal resources. Optiv’s gTIC assesses with High Confidence that DDoS attacks will remain an effective and relevant threat to organizations in countries that are openly opposed to Russian activity or in support of Ukraine. In addition to multiple vulnerabilities, Optiv’s gTIC assesses it is Likely that cybercriminals and fringe state-sponsored campaigns will use common software and malware in the coming months, such as: RDP SMB/Samba UPnP Oracle WebLogic Microsoft Exchange Microsoft SharePoint VMware vCenter, ESXi, vSphere, vAccess VPN clients – Pulse Secure, Fortinet Fortigate, Citrix Gateway Jenkins Content management system (CMS) platforms WordPress – Joomla!, Drupal, Magento, Adobe Commerce Mimikatz AdFind AnyDesk Rclone Ngrok reverse proxy Zoho ManageEngine LogMeIn TeamViewer It is Likely that threat actors will continue to use the same tactics observed in cyberattacks attributed to Russia-linked and Russia-supporting groups. Table 1: MITRE ATT&CK techniques observed in reported cyberattacks related to the group notated above Tactic Technique Description Reconnaissance T1595.002 Active Scanning: Vulnerability Scanning T1589.001 Gather Victim Identity Information: Credentials T1598 Phishing for Information T1598.003 Phishing for Information: Spearphishing Link Resource Development T1583.001 Acquire Infrastructure: Domains T1583.006 Acquire Infrastructure: Web Services T1608.001 Stage Capabilities: Upload Malware T1584.001 Compromise Infrastructure: Domains T1584.003 Compromise Infrastructure: Virtual Private Server T1584.004 Compromise Infrastructure: Server T1584.006 Compromise Infrastructure: Web Services T1586.002 Compromise Accounts: Email Accounts T1586.003 Compromise Accounts: Cloud Accounts T1587.001 Develop Capabilities: Malware T1587.003 Develop Capabilities: Digital Certificates T1585.001 Establish Accounts: Social Media Accounts T1588.001 Obtain Capabilities: Malware T1588.002 Obtain Capabilities: Tool Initial Access T1566.001 Phishing: Spearphishing Attachment T1566.002 Phishing: Spearphishing Link T1566.003 Phishing: Spearphishing via Service T1190 Exploit Public-Facing Application T1133 External Remote Services T1195.002 Supply Chain Compromise: Compromise Software Supply Chain T1199 Trusted Relationship T1078 Valid Accounts T1078.002 Valid Accounts: Domain Accounts T1078.003 Valid Accounts: Local Accounts T1078.004 Valid Accounts: Cloud Accounts T1189 Drive-by Compromise Execution T1059.001 Command and Scripting Interpreter: PowerShell T1059.003 Command and Scripting Interpreter: Windows Command Shell T1059.005 Command and Scripting Interpreter: Visual Basic T1059.006 Command and Scripting Interpreter: Python T1059.007 Command and Scripting Interpreter: JavaScript T1059.009 Command and Scripting Interpreter: Cloud API T1559.001 Inter-Process Communication: Component Object Model T1559.002 Inter-Process Communication: Dynamic Data Exchange T1106 Native API T1053.005 Native API T1204.001 User Execution: Malicious Link T1204.002 User Execution: Malicious File T1047 Windows Management Instrumentation T1651 Cloud Administration Command T1203 Exploitation for Client Execution Persistence T547.001 Server Software Component: Web Shell T1136.003 Boot or Logon Autostart Execution: Registry Run Keys/Startup Folder T1137 Boot or Logon Autostart Execution: Time Providers T1137.002 Create Account: Local Account T1098.001 Account Manipulation: Additional Cloud Credentials T1098.002 Account Manipulation: Additional Email Delegate Permissions T1098.003 Account Manipulation: Additional Cloud Roles T1098.005 Account Manipulation: Device Registration T1546.003 Event Triggered Execution: Windows Management Instrumentation Event Subscription T1546.013 Event Triggered Execution: PowerShell Profile T1546.015 Event Triggered Execution: Component Object Model Hijacking T1556.007 Modify Authentication Process: Hybrid Identity T1505.003 Server Software Component: Web Shell T1037.001 Boot or Logon Initialization Scripts: Logon Script (Windows) T1542.003 Pre-OS Boot: Bootkit Privilege Escalation T1546.008 Event Triggered Execution: Accessibility Features T1546.015 Event Triggered Execution: Component Object Model Hijacking T1068 Exploitation for Privilege Escalation T1134.001 Access Token Manipulation: Token Impersonation/Theft T1134.002 Access Token Manipulation: Create Process with Token Defense Evasion T1055 Process Injection T1055.012 Process Injection: Process Hollowing T1140 Deobfuscate/Decode Files or Information T1564.003 Hide Artifacts: Hidden Window T1562.001 Impair Defenses: Disable or Modify Tools T1562.002 Impair Defenses: Disable Windows Event Logging T1562.004 Impair Defenses: Disable or Modify System Firewall T1070.004 Indicator Removal: File Deletion T1070.006 Indicator Removal: Timestomp T1070.008 Indicator Removal: Clear Mailbox Data T1112 Modify Registry T1121 Template Injection T1027 Obfuscated Files or Information T1027.001 Obfuscated Files or Information: Binary Padding T1027.004 Obfuscated Files or Information: Compile After Delivery T1027.005 Obfuscated Files or Information: Indicator Removal from Tools T1027.010 Obfuscated Files or Information: Command Obfuscation T1027.011 Obfuscated Files or Information: Fileless Storage T1218.005 System Binary Proxy Execution: Mshta T1218.011 System Binary Proxy Execution: Rundll32 T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control T1484.002 Domain Policy Modification: Domain Trust Modification T1553.002 Subvert Trust Controls: Code Signing T1553.005 Subvert Trust Controls: Mark-of-the-Web Bypass T1553.006 Subvert Trust Controls: Code Signing Policy Modification T1036.001 Masquerading: Invalid Code Signature T1036.004 Masquerading: Masquerade Task or Service T1036.005 Masquerading: Match Legitimate Name or Location T1211 Exploitation for Defense Evasion T1150.004 Use Alternate Authentication Material: Web Session Cookie T1014 Rootkit Credential Access T1528 Steal Application Access Token T1552.004 Unsecured Credentials: Private Keys T1110 Brute Force T1110.001 Brute Force: Password Guessing T1110.003 Brute Force: Password Spraying T1555.003 Credentials from Password Stores: Credentials from Web Browsers T1555.004 Credentials from Password Stores: Windows Credential Manager T1621 Multi-Factor Authentication Request Generation T1606.001 Forge Web Credentials: Web Cookies T1606.002 Forge Web Credentials: SAML Tokens T1003.003 OS Credential Dumping: NTDS T1003.006 OS Credential Dumping: DCSync T1649 Steal or Forge Authentication Certificates T1558.003 Steal or Forge Kerberos Tickets: Kerberoasting T1539 Steal Web Session Cookie Discovery T1083 File and Directory Discovery T1120 Peripheral Device Discovery T1057 Process Discovery T1082 System Information Discovery T1016.001 System Network Configuration Discovery: Internet Connection Discovery T1033 System Owner/User Discovery T1087.001 Account Discovery: Local Account T1087.002 Account Discovery: Domain Account T1087.004 Account Discovery: Cloud Account T1482 Domain Trust Discovery T1069.001 Permission Groups Discovery: Local Groups T1069.002 Permission Groups Discovery: Domain Groups T1018 Remote System Discovery T1040 Network Sniffing T1615 Group Policy Discovery T1201 Password Policy Discovery T1012 Query Registry T1049 System Network Connections Discovery T1007 System Service Discovery T1124 System Time Discovery Lateral Movement T1534 Internal Spearphishing T1080 Taint Shared Content T1021.001 Remote Services: Remote Desktop Protocol T1021.002 Remote Services: SMB/Windows Admin Shares T1021.005 Remote Services: VNC T1021.006 Remote Services: Windows Remote Management T1021.007 Remote Services: Cloud Services T1550.001 Use Alternate Authentication Material: Application Access Token T1550.003 Use Alternate Authentication Material: Pass the Ticket T1210 Exploitation of Remote Services T1091 Replication Through Removable Media T1570 Lateral Tool Transfer Collection T1119 Automated Collection T1074.001 Data Staged: Local Data Staging T1074.002 Data Staged: Remote Data Staging T1025 Data from Removable Media T1113 Screen Capture T1560 Archive Collected Data T1560.001 Archive Collected Data: Archive via Utility T1005 Data from Local System T1213 Data from Information Repositories T1213.002 Data from Information Repositories: SharePoint T1213.003 Data from Information Repositories: Code Repositories T1114.002 Email Collection: Remote Email Collection T1039 Data from Network Shared Drive T1123 Audio Capture Command & Control T1132 Data Encoding T1102 Web Service T1102.002 Web Service: Bidirectional Communication T1071.001 Application Layer Protocol: Web Protocols T1071.003 Application Layer Protocol: Mail Protocols T1568 Dynamic Resolution T1105 Ingress Tool Transfers T1001.001 Data Obfuscation: Junk Data T1001.002 Data Obfuscation: Steganography T1573 Encrypted Channel T1573.001 Encrypted Channel: Symmetric Cryptography T1092 Communication Through Removable Media T1090.001 Proxy: Internal Proxy T1090.003 Proxy: Multi-hop Proxy T1090.004 Proxy: Domain Fronting Exfiltration T1041 Exfiltration Over C2 Channel T1048.002 Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol T1020 Automated Exfiltration T1030 Data Transfer Size Limits T1567 Exfiltration Over Web Service T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage Impact T1561 Disk Wipe T1561.002 Disk Wipe: Disk Structure Wipe T1486 Data Encrypted for Impact T1485 Data Destruction T1491.001 Defacement: Internal Defacement T1498 Network Denial of Service T1529 System Shutdown/Reboot By: Andi Ursry Intelligence Analyst | Optiv Andi Ursry has over four years of experience in Threat Intelligence. Ursry began her career in the retail sector in Loss Prevention and Safety positions. She worked on-site to help stores mitigate risks. After seeing a shift toward cybercrime, she changed focus to cyber intelligence. Ursry’s research focuses on ransomware groups and their tactics. Prior to joining Optiv, Ursry was a Cyber Threat Intelligence Analyst for a California-based cybersecurity company that specializes in digital risk. She earned a bachelor’s and master’s degree in criminal justice from Colorado Technical University, Online. Share: Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.