As U.S. leadership and China increasingly signal that today’s cryptography is no longer sufficient to protect long-lived data, Patero has introduced a Cryptographic Inventory Workshop to help organizations understand what cryptography they actually have, who owns it, and what is already exposed.
The workshop is a facilitated, pre-inventory engagement designed to rapidly define scope, align stakeholders, and build an executable plan for cryptographic inventory, as pressure grows from NSM-10, ongoing “harvest now, decrypt later” risk, and accelerating geopolitical timelines.
It is grounded in Patero’s Automated Cryptography Discovery and Inventory (ACDI) methodology, which surfaces cryptographic risk across networks, applications, cloud services, databases, and codebases. The focus is not theory, but evidence — establishing visibility, ownership, and defensible proof of risk management as quantum-grade protection becomes the next category of security.
What’s included:
For up to 20 participants:
- Virtual facilitation and working sessions, plus planning artifacts such as methods,
- Tool configuration guidance,
- API usage guidance,
- Sample correlation charts,
- Evidence templates
The Cryptographic Inventory Workshop is available immediately.
For cost and Workshop scheduling information, contact quantumsafe@patero.io
When Grid Data Goes Dark Web: New research on critical infrastructure targeting Published By Suzu Labs
Posted in Commentary with tags Suzu Labs on January 16, 2026 by itnerdSuzu Labs has just published “When Grid Data Goes Dark Web” which is new research detailing the dark web posting in Jan. 2026 of 139 gigabytes of valuable data from a U.S. power infrastructure company. The data lets an adversary identify vulnerable transmission corridors, understand redundancy patterns, and/or map critical interconnection points.
The asking price? 6.5 bitcoin (~$600K US).
The seller explicitly noted the data was “suitable for infrastructure analysis, modeling, risk assessment, or specialized research.”
What the Data Contains
The breach targeted an engineering firm that provides surveying and design services to electric utilities. The stolen files include:
Suzu Labs CEO Michael Bell notes:
“For a utility or engineering firm, this is operational data. For an adversary, this is reconnaissance gold. The files map exactly where power lines run, how they’re configured, what vegetation threatens them, and where substations connect to the grid.
“This wasn’t a sophisticated attack on industrial control systems. It wasn’t a supply chain compromise or zero-day exploit. According to public reporting on the same threat actor, the likely access method was testing infostealer-harvested credentials against cloud file-sharing platforms.
“Someone at the company had their browser credentials stolen by commodity malware. Those credentials weren’t protected by MFA. This actor has listed data from 50+ organizations across 15 countries. Aviation. Healthcare. Government. Construction. Critical infrastructure is one target category among many. The common thread is opportunistic access via stolen credentials and absent MFA.”
You can read the research here: https://suzulabs.com/suzu-labs-blog/when-grid-data-goes-dark-web?hs_preview=YduZZtdF-295534203578
Leave a comment »