Defense & DIB

Nation-states are inside the defense industrial base right now. BRICKSTORM malware averaged 393 days undetected. DPRK IT workers are inside 300+ U.S. organizations. Aktoh deploys autonomous AI defense built for CMMC 2.0 environments.
393 days: Average dwell time for BRICKSTORM nation-state malware in defense industrial base networks before detection (Source: Google GTIG/Mandiant Sep 2025 + CISA Feb 2026)

150%: Increase in China-linked espionage targeting the defense industrial base in 2024 (Source: CrowdStrike / US Homeland Security Committee)

300+: US organizations infiltrated by North Korean IT workers posing as legitimate contractors (Source: DOJ indictments, FBI, Christina Chapman case)

A Letter to Defense Industry Leaders

— James Spitler, Founder & CEO, Aktoh Cyber
BRICKSTORM malware averaged 393 days undetected inside defense industrial base networks. That means the evidence of initial compromise was gone — overwritten, cleared, aged out — before detection began. North Korean IT workers passed background checks, signed NDAs, and worked inside 300+ US organizations — billing for hours on classified programs while exfiltrating technical data. CMMC compliance documents your controls. It does not detect adversaries who generate no telemetry, operate inside legitimate access, and have been inside your environment for over a year. Aktoh builds detection capability in the gap between compliance documentation and operational security reality.
Edge Device & Appliance Threat Hunting
No-EDR Infrastructure Detection
Detect BRICKSTORM and similar nation-state malware on VMware vCenter/ESXi and edge appliances that cannot run traditional endpoint detection agents.

CUI & Sensitive Data Deception
Sleight Platform
Decoy technical data repositories and honeypot CUI environments — catching nation-state actors before they reach real controlled unclassified information.

24/7 Nation-State Detection
Horsemen Platform
Behavioral detection without signatures — identifying the slow lateral movement patterns that nation-state actors use to stay inside networks for months undetected.

Insider Threat & Remote Workforce Vetting
DPRK IT Worker Defense
Behavioral monitoring of remote contractors — detecting the anomalous access patterns indicating an insider working for an adversary.

CMMC Compliance & Audit Readiness
C3PAO Audit Trail
Continuous monitoring documentation supporting CMMC 2.0 third-party assessments — going beyond compliance to actual operational detection capability.

Supply Chain & Sub-Tier Security
Volt Typhoon Reconnaissance Defense
Monitor every supplier and subcontractor access pathway — nation-state actors use sub-tier vendors to gain access to prime contractor networks.

Defend Your Future.
Secure Yours Now.

Discover how our expertise keeps your world safe, so you can focus on what matters most.
Next-generation autonomous cybersecurity protecting enterprises worldwide.
© 2026 All rights reserved, Developed by