Operating Below
The Surface
Project Agartha detects adversaries that hide in the deep layers of your infrastructure, below the networking surface where traditional security tools cannot see. The problem is widespread and the losses are massive.
About Project Agartha
Named after the legendary civilization hidden deep within the Earth, Project Agartha represents our commitment to exploring the deepest layers of digital infrastructure where adversaries operate with impunity.
Traditional cybersecurity operates at the surface level: firewalls, endpoint protection, and network monitoring. But sophisticated threat actors have gone deeper, embedding themselves in a very large set of victims and networks. We chase them into those depths.
The Project Agartha Team
The Project Agartha team has come together from a broad range of organizations to tackle and remediate this problem. The malware affects organizations of all types; however, the adversary focuses significantly on critical infrastructure and key resource (CI/KR) organizations, including state/local/education (SLED) entities, corporations, universities, and the other CI/KR organizations out there.
The Adversary
The adversary has been identified, but this information will not be disclosed at this time. It is a nation-state threat actor with massive resources.
The National Cyber Warfare Foundation (NCWF)
The National Cyber Warfare Foundation (NCWF) is working collaboratively to facilitate this project with tools, people, and our data centers. Serving as a central coordinator, the NCWF is helping the very broad group of entities work together effectively and efficiently. The legal and organizational nature of the NCWF allows it to break down silos and enable collaboration where traditional methods have been unable to deliver results.
Core Team
Due to the sensitive nature of this project, aliases are being used.
Deep Detection Technologies
Our proprietary tools operate at the substrate level of digital infrastructure, illuminating threats that hide in shadowed corners of the stack.
Detection Depth Architecture
Support Our Mission
Project Agartha operates independently to ensure unbiased threat research. Your support enables us to go deeper and stay hidden from those who would stop us.
Our resources are limited, our services will be delivered on a first-come/first-served basis and priority adjustments may be made at the discretion of the Project Agartha team. If all of our devices/systems/people are already in the field, a waiting list will be maintained.
Enterprise Partnership / Collaboration
Organizations seeking deep-dive security assessments or threat intelligence partnerships can contact us directly for custom engagement options.
Support our mission financially
The work we are doing is critical for our security (national, SLED, corporate). Financial resources enable us to offset costs of operation and logistics. We are a private group and not federally funded. Our specific organization allows us the freedom to conduct the mission without limitations.
Agartha Canaries
Low threshold. Low technical requirement.
Our canary devices are small form factor, non-intrusive, plug-and-play devices that passively observe network headers for Indicators of Compromise (IoCs). These devices are essential to our efforts to identify compromised victims, and a canary hit is what lets our team request the installation of a Network Traffic Capture System where permitted.
The devices read the network packet headers only, never the data segment (payload) of the packets. The header carries only source and destination addresses, ports, protocol, packet size, and similar metadata. All data is considered TLP:RED and only Project Agartha team members have access. The data is not bulk captured: ONLY relevant notifications are flagged, captured, and sent to Project Agartha servers for notification and reporting.
Network Traffic Capture System (NTCS)
Non-invasive. Focused Capture.
Our Network Traffic Capture Systems are focused on capturing only the relevant malware packets, storing them, and sending them to our team for analysis. ONLY our team will have access to the captured data. The NTCS servers are passive only and will not store any network traffic outside the specific malware-related traffic.
The NTCS servers are sized to the network pipe, using the usual link-speed tiers (gigabits per second, not gigabytes):
- 1 Gbps
- 10 Gbps
- 40 Gbps
- 100 Gbps
- 400 Gbps
Agartha Deep Trace
Persistent. Thorough. Reliable.
Our Deep Trace system is a comprehensive strategy for the identification of malware related to Project Agartha. It is designed to establish a persistent stare on traffic transiting your organization's systems and to capture all related malware traffic. It also automatically captures the malware itself from infected systems.
...
Agartha Watch
Real-time. Global. Fast.
Agartha Watch is a real-time feed of Indicators of Compromise (IoCs). Access to this feed is strictly limited and subject to authorization by the Project Agartha team.
The real-time feed is available in the following formats:
- syslog
- STIX/TAXII
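The two technical claims above, that a canary inspects packet headers only and forwards nothing but IoC hits, and that hits are delivered as syslog or STIX, can be shown end to end with a small header-only matcher. The code below is an added illustration written for this page, not Project Agartha's or the NCWF's own software; the IoC addresses and ports, the `canary01` hostname, the sample frames and the field names are all constructed for the demonstration (RFC 5737 documentation addresses, so they match nothing real). It decodes Ethernet and IPv4 headers plus the transport ports with `struct`, never reads the payload bytes, and emits one RFC 5424-style syslog line and one STIX 2.1 Indicator object per hit and nothing for benign frames.

```python
"""Header-only IoC canary: added example, not Project Agartha's code."""
import ipaddress
import json
import struct
import uuid
from datetime import datetime, timezone

# Constructed IoC set for the demonstration (RFC 5737 documentation ranges).
# Real Project Agartha indicators are TLP:RED and are not shown here.
IOC_IPS = {"198.51.100.23", "203.0.113.77"}
IOC_PORTS = {4444}

ETH = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
IPV4 = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header
PORTS = struct.Struct("!HH")           # TCP and UDP both begin with src/dst port


def parse_headers(frame: bytes):
    """Decode Ethernet + IPv4 (+ transport ports) headers only.

    Returns a dict with from/to/ports/size, or None for frames the canary
    ignores. Bytes after the transport header (the payload) are never read.
    """
    if len(frame) < ETH.size:
        return None
    _dst_mac, _src_mac, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != 0x0800:            # IPv4 only in this example
        return None
    off = ETH.size
    if len(frame) < off + IPV4.size:
        return None
    vihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = IPV4.unpack_from(frame, off)
    ihl = (vihl & 0x0F) * 4
    if (vihl >> 4) != 4 or ihl < 20:
        return None
    rec = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
           "proto": proto, "size": total_len, "sport": None, "dport": None}
    if proto in (6, 17) and len(frame) >= off + ihl + PORTS.size:
        rec["sport"], rec["dport"] = PORTS.unpack_from(frame, off + ihl)
    return rec


def match_ioc(rec):
    """Return the list of IoC hits for one header record (empty list = no hit)."""
    hits = [f"{key}-ip:{rec[key]}" for key in ("src", "dst") if rec[key] in IOC_IPS]
    if rec["dport"] in IOC_PORTS:
        hits.append(f"dport:{rec['dport']}")
    return hits


def to_syslog(rec, hits, host="canary01"):
    """RFC 5424-style line: facility local0 (16), severity alert (1) -> PRI 129."""
    ts = datetime.now(timezone.utc).isoformat()
    return (f"<129>1 {ts} {host} agartha-canary - IOC - src={rec['src']} dst={rec['dst']} "
            f"dport={rec['dport']} size={rec['size']} hits={','.join(hits)}")


def to_stix_indicator(rec, hits):
    """Minimal STIX 2.1 Indicator whose pattern is built from the header hits."""
    parts = []
    for hit in hits:
        kind, value = hit.split(":", 1)
        if kind.endswith("-ip"):
            parts.append(f"[ipv4-addr:value = '{value}']")
        else:
            parts.append(f"[network-traffic:dst_port = {value}]")
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
            "created": now, "modified": now, "name": "Header-level IoC hit",
            "pattern_type": "stix", "pattern": " OR ".join(parts), "valid_from": now}


def run_canary(frames):
    """Process frames and return notifications for IoC hits only (no bulk capture)."""
    out = []
    for frame in frames:
        rec = parse_headers(frame)
        if rec is None:
            continue
        hits = match_ioc(rec)
        if hits:
            out.append({"record": rec, "hits": hits,
                        "syslog": to_syslog(rec, hits), "stix": to_stix_indicator(rec, hits)})
    return out


def build_frame(src_ip, dst_ip, sport, dport, payload=b"", proto=6):
    """Constructed Ethernet/IPv4/TCP-or-UDP frame for offline testing (checksums left zero)."""
    l4 = PORTS.pack(sport, dport) + (b"\x00" * 16 if proto == 6 else b"\x00" * 4) + payload
    ip = IPV4.pack(0x45, 0, IPV4.size + len(l4), 1, 0, 64, proto, 0,
                   ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return ETH.pack(b"\x00" * 6, b"\x00" * 6, 0x0800) + ip + l4


SAMPLE_FRAMES = [  # constructed sample traffic: one benign flow, two IoC hits
    build_frame("10.0.0.5", "192.0.2.10", 51000, 443, b"benign"),
    build_frame("10.0.0.7", "203.0.113.77", 51001, 4444, b"beacon"),
    build_frame("198.51.100.23", "10.0.0.9", 53, 53, proto=17),
]

if __name__ == "__main__":
    for note in run_canary(SAMPLE_FRAMES):
        print(note["syslog"])
        print(json.dumps(note["stix"], indent=2))
```

The design point is in `parse_headers`: every offset it reads stops at the transport port fields, so the payload (`b"beacon"` in the sample) is never decoded, and `run_canary` returns nothing at all for the benign frame. A production canary would feed `run_canary` from a mirror port via libpcap rather than constructed frames, and would sign or TLS-wrap the notifications before sending them upstream.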
Secure Contact
For inquiries, use the form below.