RESEARCH GROUP

GROUP 1818

// APPLIED RESEARCH // THREAT ANALYSIS // REGIONAL DEFENSE

The Illinois Cyber Foundation's dedicated research arm. We forge raw data into hardened intelligence, focusing on the risks and vulnerabilities impacting the Midwest's critical systems and infrastructure.

02 CVEs Disclosed
05 Active Focus Areas
22+ Field Contributors
100% Community Funded

CAPABILITY REQUIRES RESOURCES. PARTNER WITH GROUP 1818.


Regional Telemetry

// AGGREGATED SIGNAL VOLUME // INFRASTRUCTURE MONITORING

| Infrastructure Sector | Live Activity (72hr) | Variance | Condition |
|---|---|---|---|
| Municipal Gov | | +124% | CRITICAL |
| Manufacturing (ICS) | | +12% | HIGH |
| Education (K-12) | | +45% | SPIKING |
| Healthcare | | +2% | ELEVATED |
| Agriculture | | -8% | NORMAL |

Active Operations

// CURRENT RESEARCH PROJECTS // FIELD OPS

ALPR / Vehicle Tracking Research

Analyzing the ethical implications and potential for systemic misuse of automated vehicle tracking technologies in urban environments.

LAST_REF: 2025.12.18
Phase: Active Testing (65%)
In Progress

Project V.I.P.E.R

Securing the continuity of signals through a deep-field analysis of existing dissemination pathways within assigned radio frequency spectrums.

LAST_REF: 2025.12.10
Phase: Data Collection (40%)
Active Lab

Open-Source SIGINT Framework

A custom appliance that sanitizes the local airspace by intercepting Remote ID telemetry, converting unmapped aerial and wireless threats into actionable tactical data.

LAST_REF: 2025.11.28
Phase: Peer Review (90%)
Finalizing

Research Focus Areas

// CORE DISCIPLINES // OPERATIONAL VECTORS

Tradecraft Analysis

See a novel or interesting TTP used by a threat actor? Shoot us a note or join our community!

Software & Supply Chain Vulns

Investigating trust weaknesses and software bill of materials (SBOM) risks within the local supply chain.

RF Research

Exploring security protocols in cellular (5G/LTE), LoRaWAN, UHF/VHF, and satellite communications.

Regional Risk Foresight

Risk sharing specific to the Central Illinois business landscape.

Physical Security

Researching the intersection of electronic and hands-on security, where physical breaches lead to digital compromise.

K-12 Simulation

Developing accessible, high-impact advisory counseling for school districts and charities.

Group 1818 Comms Channel

// ENCRYPTED CHANNEL // REAL-TIME THREAT SHARING

[TLP:CLEAR]

Standard Operating Procedures

// DISCLOSURE PROTOCOLS // VENDOR ETHICS

Our mission is defense, not destruction. Group 1818 adheres to a strict Responsible Disclosure standard. We hold every vendor to this same rigorous standard.

REF: G1818-OPS-04 SUB: DISCLOSURE_PROTOCOL REV: 2025.1

01 // DETECT

Identification of anomalous behavior via passive monitoring or active intelligence gathering.

[ ACTIVE ]

02 // VERIFY

Rigorous internal lab testing to confirm the exploitability and impact of the finding.

[ REQUIRED ]

03 // COORD

Private outreach to the entity to establish a remediation timeline and fix validation.

[ PRIVATE ]

04 // DISCLOSE

Public release of redacted findings only after patching is confirmed or the timeline expires.

[ PUBLIC ]

SUBMIT INTELLIGENCE

Do you have data relevant to regional defense or a vulnerability disclosure? Use our secure channels.


Closed Investigations

// ARCHIVED CASE FILES // PUBLIC DOMAIN

CASE ID: 2023-A04 // RANSOMWARE

Agri-Business Recovery

Post-incident analysis of a LockBit 3.0 attack on a regional grain cooperative.

CASE ID: 2024-V01 // HARDWARE

Smart Water Meter Vuln

Identification of default credentials in LoRaWAN water metering gateways.

CASE ID: 2024-T09 // PHISHING

"Cornfield" Campaign

Breakdown of the social engineering campaign targeting seasonal agricultural workers.
