Industry: Network Security
Founder: Adam Vincent (CEO), Leigh Reichel (CFO)
Headquarters: Arlington, Virginia, United States
Products: Threat Intelligence Platform
Number of employees: 129 (May 2019) [1]

ThreatConnect is a cyber-security firm based in Arlington, Virginia. They provide a Threat Intelligence Platform for companies to aggregate and act upon threat intelligence.

A Threat Intelligence Platform (TIP) is an emerging technology discipline that helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources and to help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data, and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, Whois information, reverse IP lookup, website content analysis, name servers, and SSL certificates.
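The import, correlate and export flow described above, as an added Python example (not ThreatConnect's code or API): it merges two constructed feeds in different formats, refangs and normalizes the indicators, and exports only those reported by both. The feed layouts, field names, type mappings and function names are assumptions made for the illustration.

```python
import csv
import io
import json
from collections import defaultdict

# Constructed sample feeds (not real indicators): one CSV, one JSON,
# using reserved example domains and documentation IP ranges.
CSV_FEED = """indicator,type
hxxp://login.example[.]com/portal,url
203.0.113.7,ip
EXAMPLE.ORG,domain
"""
JSON_FEED = json.dumps([
    {"value": "http://login.example.com/portal", "kind": "URL"},
    {"value": "example[.]org", "kind": "Host"},
    {"value": "198.51.100.23", "kind": "Address"},
])

# Hypothetical mapping from each feed's type names to one shared vocabulary.
KIND_MAP = {"url": "url", "ip": "ip", "address": "ip",
            "domain": "domain", "host": "domain"}


def normalize(value, kind):
    """Refang a defanged indicator and map the feed-specific type name."""
    kind = KIND_MAP[kind.strip().lower()]
    value = value.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    # Host names are case-insensitive; URL paths may not be, so leave URLs as-is.
    return kind, value.lower() if kind == "domain" else value


def ingest():
    """Return {(type, value): set(sources)} merged across both feeds."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(CSV_FEED)):
        seen[normalize(row["indicator"], row["type"])].add("csv_feed")
    for item in json.loads(JSON_FEED):
        seen[normalize(item["value"], item["kind"])].add("json_feed")
    return seen


def export_blocklist(seen, min_sources=2):
    """Export indicators corroborated by at least min_sources feeds."""
    return sorted(f"{t}\t{v}" for (t, v), src in seen.items()
                  if len(src) >= min_sources)


if __name__ == "__main__":
    for line in export_blocklist(ingest()):
        print(line)
```

Without the refang and type-mapping step, the same URL and domain would be counted as four unrelated indicators and nothing would be corroborated.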



The firm was founded in 2011 as Cyber Squared Inc. by Adam Vincent, Richard Barger, Andrew Pendergast and Leigh Reichel. [2] The company was renamed ThreatConnect after its Series A funding of $4 million in 2014, [3] [4] and in December 2015 it obtained Series B funding of $16 million. [5]

The company gained attention when it linked the Anthem medical data breach to Chinese government-sponsored entities. [6] According to cybercrime expert Brian Krebs, ThreatConnect identified domains used by the group that were intentionally similar to legitimate domains used by Anthem. [7]

The Anthem medical data breach was a medical data breach of information held by Anthem Inc.

Brian Krebs is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. His interest grew after a computer worm locked him out of his own computer in 2001.

They also linked Guccifer 2.0, responsible for the 2016 Democratic National Committee email leak, to the Russian-backed cyberespionage group Fancy Bear. [8] [9] Other cyberattacks they attributed to Fancy Bear include those against a group investigating the Malaysia Airlines 17 crash [10] and against the World Anti-Doping Agency, which had recently issued a report about state-sponsored doping. [11]

"Guccifer 2.0" is a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event. Some of the documents "Guccifer 2.0" released to the media appear to be forgeries cobbled together from public information and previous hacks, which had been mixed with disinformation. According to indictments in February 2018, the persona is operated by Russian military intelligence agency GRU. On July 13, 2018, Special Counsel Robert Mueller indicted 12 GRU agents for allegedly perpetrating the cyberattacks.

The 2016 Democratic National Committee email leak is a collection of Democratic National Committee (DNC) emails stolen by one or more hackers operating under the pseudonym "Guccifer 2.0" who are alleged to be Russian intelligence agency hackers, according to indictments carried out by the Mueller investigation. These emails were subsequently published (leaked) by DCLeaks in June and July 2016 and by WikiLeaks on July 22, 2016, just before the 2016 Democratic National Convention. This collection included 19,252 emails and 8,034 attachments from the DNC, the governing body of the United States' Democratic Party. The leak includes emails from seven key DNC staff members, and date from January 2015 to May 2016.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The Foreign and Commonwealth Office, and security firms SecureWorks, ThreatConnect, and Fireeye's Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as two GRU units known as Unit 26165 and Unit 74455.

Related Research Articles

Democratic National Committee: top institution of the U.S. Democratic Party

The Democratic National Committee (DNC) is the formal governing body for the United States Democratic Party. The committee coordinates strategy to support Democratic Party candidates throughout the country for local, state, and national office. It organizes the Democratic National Convention held every four years to nominate and confirm a candidate for president, and to formulate the party platform. While it provides support for party candidates, it does not have direct authority over elected officials.

FireEye is a publicly traded cybersecurity company headquartered in Milpitas, California. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks. FireEye was founded in 2004. Initially, it focused on developing virtual machines that would download and test internet traffic before transferring it to a corporate or government network. The company diversified over time, in part through acquisitions. In 2014, it acquired Mandiant, which provides incident response services following the identification of a security breach. FireEye went public in 2013. USAToday says FireEye "has been called in to investigate high-profile attacks against Target, JP Morgan Chase, Sony Pictures, Anthem and others". Yahoo Finance says FireEye is again the fastest-growing cyber security firm, according to Deloitte.

Palo Alto Networks: network and enterprise security company based in Santa Clara, California

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. Its core products are a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 60,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. The company's mission statement is "to protect our way of life in the digital age by preventing successful cyberattacks".

Sony Pictures hack: November 24, 2014 release of hacked confidential data from the film studio Sony Pictures

On November 24, 2014, a hacker group which identified itself by the name "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, and other information. The perpetrators then employed a variant of the Shamoon wiper malware to erase Sony's computer infrastructure.

Cozy Bear, classified as advanced persistent threat APT29, is a Russian hacker group believed to be associated with Russian intelligence. The Dutch AIVD deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR). Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group was given other nicknames by other cybersecurity firms, including Office Monkeys, CozyCar, The Dukes, and CozyDuke.

Illusive Networks is a cybersecurity firm headquartered in Tel Aviv, Israel and New York. The company produces technology that stops cyber attackers from moving laterally inside networks by finding and eliminating errant credentials and connections, planting false information about a given network's resources, emulating devices, and deploying high-interactivity decoys. Network administrators are alerted when cyber attackers use security deceptions in an attempt to exploit the network. Illusive Networks is the first company launched by the Tel Aviv-based incubator, Team8. In June 2015, Illusive Networks received $5 million in Series A funding from Team8. To date, it has raised over $30M.

CrowdStrike Holdings, Inc. is a cybersecurity technology company based in Sunnyvale, California. It provides endpoint security, threat intelligence, and cyberattack response services. The company has been involved in investigations of several high profile cyber-attacks, including the Sony Pictures hack, the 2016 Democratic National Committee email leak, and the Democratic National Committee cyber attacks.

The Democratic National Committee cyber attacks took place in 2015 and 2016, in which computer hackers infiltrated the Democratic National Committee (DNC) computer network, leading to a data breach. Some cybersecurity experts, as well as the U.S. government, stated that the cyberespionage was the work of Russian intelligence agencies.

On Friday July 29, 2016 the Democratic Congressional Campaign Committee reported that its computer systems had been infiltrated. It is strongly believed by US intelligence sources that the infiltrator groups are Russian foreign intelligence groups that breached the Democratic National Committee's computer systems. These groups are known as Fancy Bear and Cozy Bear.

DCLeaks is a website that was established in June 2016. Since its creation, it has been responsible for publishing leaks of emails belonging to multiple prominent figures in the United States government and military. Cybersecurity research firms say the site is a front for the Russian cyber-espionage group Fancy Bear. On July 13, 2018, an indictment was made against 12 Russian GRU military officers; it alleged that DCLeaks is part of a Russian military operation to interfere in the 2016 U.S. presidential election.

In March 2016, the personal Gmail account of John Podesta, a former White House chief of staff and chair of Hillary Clinton's 2016 U.S. presidential campaign, was compromised in a data breach accomplished via a spear-phishing attack, and some of his emails, many of which were work-related, were stolen. Cybersecurity researchers as well as the United States government attributed responsibility for the breach to the Russian cyber spying group Fancy Bear, allegedly two units of a Russian military intelligence agency.

2017 Macron e-mail leaks: release of 21,075 emails associated with the French presidential campaign of Emmanuel Macron

The 2017 Macron e-mail leaks were leaks of more than 20,000 e-mails related to the campaign of Emmanuel Macron during the 2017 French presidential elections, two days before the final vote. The leaks garnered an abundance of media attention due to how quickly news of the leak spread throughout the Internet, aided in large part by bots and spammers, and drew accusations that the government of Russia under Vladimir Putin was responsible. The e-mails were shared by WikiLeaks and several American alt-right activists through social media sites like Twitter, Facebook, and 4chan.

Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.

Greg Martin is a cybersecurity expert and entrepreneur. He is the co-founder of cyber-security company Anomali and is the co-founder and CEO of cyber security company JASK. Martin is credited with inventing the first Threat Intelligence Platform (TIP), and is the creator of the popular open source Honeypot project “Modern Honey Network”.

Charming Kitten is a cyberwarfare group, described by several companies and government officials as an advanced persistent threat.


  1. Chris Bing (26 January 2016). "This Cyber Startup Is Flying Under the Radar With a Monster Valuation". DC Inno.
  2. Ethan Rothstein (12 January 2015). "Shirlington Startup Helping Big Companies Prevent Hacking". ARLnow - Arlington, Va. Local News & Community.
  3. Eric Hal Schwartz (20 November 2014). "Virginia Cybersecurity Startup Cyber Squared Gets $4M and a Name Change". In The Capital.
  4. Steven Overly (20 November 2014). "Cybersecurity firm Cyber Squared raises $4 million, changes name to ThreatConnect". The Washington Post.
  5. Cara O'Donnell (22 December 2016). "Threat Intelligence Startup ThreatConnect Closes $16M Investment Round and Makes Strategic Move within Arlington". Arlington Economic Development.
  6. Ellen Nakashima (27 February 2015). "Security firm finds link between China and Anthem hack". The Washington Post.
  7. Brian Krebs (9 April 2016). "Anthem Breach May Have Started in April 2014". Krebs On Security.
  8. Teri Robinson (26 July 2016). "ThreatConnect: Guccifer 2.0 likely persona for Russian-linked propagandists, PR operatives leaking info to media". SC Magazine. Haymarket Media Group.
  9. "US cybersecurity firms say Russia likely behind hacks". The Times of Israel. Associated Press. 1 August 2016.
  10. India Ashok (29 September 2016). "Journalists investigating MH17 hacked by Russia-backed Fancy Bear hackers - ThreatConnect". International Business Times.
  11. Sam Thielman (23 August 2016). "Same Russian hackers likely breached Olympic drug-testing agency and DNC". The Guardian.