7 months ago
140
The violent extremist threat landscape is changing
Recorded Future threat intelligence analyst Paul S. shared that the domestic violent extremist (DVE) threat landscape in the US has shifted over the past year. According to Recorded Future’s assessments, the DVEs that represent the greatest risk of conducting violent attacks against organizations in the US (i.e., neo-Nazis and white supremacists, anti-government and anti-authority actors, and anarchists) are increasingly considering targeted physical attacks against individuals rather than mass casualty attacks.
(For more information on domestic violent extremism, check out this report from Recorded Future’s Insikt Group®: US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025.)
Paul S. noted that violent extremists have “celebrated, promoted, or encouraged” events like the 2024 assassination attempts against then- presidential candidate Donald Trump, the December 2024 assassination of UnitedHealthcare CEO Brian Thompson, and the June 2025 assassination plots against lawmakers in Minnesota. Their aims, he said, are to threaten public figures and boost their own recruitment efforts by playing on public sympathies for some of the attacks, perpetrators, or ideologies.
As a result, high-profile figures in the US including C-suite executives and senior government officials are at heightened risk from physical threat activities. “DVEs and other threat actors are leveraging sources of digital exposure and identifying soft spots in operational security to target personnel,” he said.
He also said that, while the specific violent extremist groups that pose a threat in Europe are different from those in the US, they fall into similar ideological buckets. And it seems that European groups are taking cues from the US threat landscape as they shape their operations.
Recorded Future threat intelligence analyst Mary P. said that. “Data breaches happen everywhere, exposing information. Regardless of jurisdiction, social media can be a major source of exposure.”
TTPs remain the same, with some enhancements
Paul S. noted that violent extremists’ tactics, techniques, and procedures (TTPs) seem likely to remain the same, with physical threats including online targeted threats, stalking, harassment, physical approaches, sabotage, surveillance, disruptive protests and demonstrations, doxxing, swatting, and more. Recorded Future has also seen increased use of drones and unmanned vehicles, generative AI, 3D-printed firearms, cryptocurrency, and end-to-end encrypted communication applications.
“We've also seen some efforts by violent extremists—especially those focused on online threats—to improve their in-house, open-source intelligence capabilities by leveraging online information on their targets,” he said.
In Europe, where access to firearms is limited, there's been more experimentation with 3D-printed firearms and other types of weaponry.
Executives face multiple sources of digital exposure and online risk
Mary P. explained that the availability of personally identifiable information (PII) on the Internet leaves private and public sector executives increasingly vulnerable to physical and cyber threats.
“Not only can threat actors take advantage of individual sources of online exposure,” she said, “but they can also combine multiple sources of exposure, using one source to pivot to another to improve overall targeting.”
Brian Solecki, Recorded Future’s Director of Security and Safety, said that these sources of digital exposure enable threat actors to develop information on home and work locations, patterns of life, modes of travel, and other information that affords them the opportunity to develop and implement plans for physical attacks.
Modern executive protection begins with intelligence
Solecki described threat intelligence as the foundation of any comprehensive security strategy. “It affords organizations the opportunity to allocate the appropriate resources toward the physical security procedures and cybersecurity measures they need to mitigate identified threats.”
He also discussed the importance of setting up priority intelligence requirements (PIRs), critical pieces of information to help security teams anticipate, prevent, and manage threats against their executives. A key PIR involves monitoring online activity and social media for suspicious activity or threats.
“This can help you to determine the viability or the level of threat posed by individuals or groups that could target your executives,” he said. “It also allows you to assess the protocols and plans you already have in place to make sure they're sufficient to the threat landscape.”
When asked what security teams can do to protect executives in a time when it’s impossible to lock down someone’s online presence, the panelists provided several recommendations, including:
- Don’t make schedules or family information public.
- Limit posting controversial statements on social media.
- Remove PII from the Internet wherever possible.
- Use the strongest possible privacy settings.
- Educate family members about digital risks.
How Recorded Future solutions help organizations protect their people and assets
Mary P. shared a number of ways customers can use Recorded Future to protect their people and assets. For example, they can monitor the dark web and underground forum sources, track negative sentiment toward their organizations online, detect compromised executive credentials, and monitor for data breaches. They can also use the Recorded Future Analyst On Demand service to commission executive security assessments.
Paul S. noted that Recorded Future’s threat intelligence sourcing makes all the difference. The company is constantly identifying new sources and adding them to the Recorded Future Platform so customers can use them to build queries and identify instances of exposures, targeting, and threats.
Take a deeper dive on executive and asset protection
The webinar included an audience Q&A session, which covered top platforms and forums for threatening content, correlations between threats and negative sentiment campaigns, and more. Watch it on demand, and then schedule a demo to see how Recorded Future solutions can help address your organization’s unique security needs.
Below are select questions from the audience during the webinar, some were answered during the session and others have been answered in this blog post.