Discover and read the best of Twitter Threads about #APT28
Most recents (14)
Continuing our thread on Aleksey Morenets....
Despite the mistakes made it may surprise you that Morenets still has a job in the #85thGTsSS, also known as #APT28 or Fancy Bear. It is our understanding that he is in charge of a Directorate involved in Cyber espionage.
We have heard that his staff are not happy with his management. We know that in the lead up to the war with Ukraine staff had their working hours extended by Morenets while he remained on regular hours.
🚨 @Mandiant’s M-Trends is here!! 🚨
Stories include 👀
1️⃣ Mandiant’s insights on attacker operations from the frontlines
2️⃣ Ukraine holds the line against 🇷🇺’s cyber operations
3️⃣ Uncommon techniques, successful hacks
4️⃣ DRPK getting 🔐coin
5️⃣ Red Team vs the ☁️
6️⃣ 🎓 APT 42
Stories include 👀
1️⃣ Mandiant’s insights on attacker operations from the frontlines
2️⃣ Ukraine holds the line against 🇷🇺’s cyber operations
3️⃣ Uncommon techniques, successful hacks
4️⃣ DRPK getting 🔐coin
5️⃣ Red Team vs the ☁️
6️⃣ 🎓 APT 42
🔑 Takeaways
By The #️⃣
↪️👩🏼💻 Attackers are using what works in region that’s being targeted.
↪️Perimeter device #exploits 💥were used at a higher frequency in 2022.
↪️ Ransomware may be down, but specific ransomware families are proving to be formidable opponents.
By The #️⃣
↪️👩🏼💻 Attackers are using what works in region that’s being targeted.
↪️Perimeter device #exploits 💥were used at a higher frequency in 2022.
↪️ Ransomware may be down, but specific ransomware families are proving to be formidable opponents.
Es braut sich etwas zusammen: Europaweit #DDoS-Attacken auf Ministerien und Behörden, #Ransomware-Angriff auf die Lürssen-Werft... Bei Sicherheitsbehörden und IT-Sicherheitsexperten wächst die Sorge vor einer Mischszene aus Cyberkriminellen und pro-russischen Hacktivisten /1
In den vergangenen Monaten haben sich mehrere Hacker-Gruppen, darunter die Hacktivisten von "Killnet" und "NoName057", aber auch Ransomware-Gruppen zu neuen pro-russischen Kollektiven zusammengeschlossen, um den Kreml mit Cyberaktionen zu unterstützen. /2
Part of the #VulkanFiles is “Scan-V”, a framework to conduct cyberoperations with greater speed, scale and efficiency. Basically, it's purpose is helping the GRU to achieve its mission. One of the indended end-users seems to be #Sandworm.
sueddeutsche.de/projekte/artik…
sueddeutsche.de/projekte/artik…
At its heart, Scan-V is designed to scour the web for vulnerabilities that are then stored in an “ultra-large” database. When a new operation starts, things like identifying targets and initial entry supposed to be already at the hackers’ fingertips
derstandard.de/story/20001449…
derstandard.de/story/20001449…
The docs also describe the ability to store e-mails (pst-files), pcaps (network traffic) and network-layouts. Stuff you can’t just scan for externally. Storing info on previously breached targets in case your next task is to hack them again
blog.sekoia.io/sekoia-io-anal…
blog.sekoia.io/sekoia-io-anal…
Paul Manafort was working with Russia's GRU and the SVR on the Barker Plan and the Mariupol Plan.
Russian collusion, @DonaldJTrumpJr.
Russian collusion, @DonaldJTrumpJr.
What was William Barr of Kirkland & Ellis doing in London for Oleg Deripaska?
Russian collusion.
Russian collusion.
What was William Barr of Kirkland & Ellis doing in London for Oleg Deripaska?
Russian collusion.
Russian collusion.
Attendees to the Trump Tower meeting included Donald Trump Jr., Natalia Veselnitskaya (SVR), Rinat Akhmetshin (GRU), Anatoli Samochornov, Ike Kaveladze (Crocus), Paul Manafort, Jared Kushner & Rob Goldstone (Emin Agalarov's Proxy).
Russia's GRU & SVR were helping Paul Manafort.
Russia's GRU & SVR were helping Paul Manafort.
Russia's SVR was helping Paul Manafort on The Barker Plan.
Evgeny Fokin.
#UnitedWithUkraine #StandWithUkraine
Evgeny Fokin.
#UnitedWithUkraine #StandWithUkraine
Russia's GRU was helping Paul Manafort on The Mariupol Plan.
Konstantin Kilimnik.
#UnitedWithUkraine #StandWithUkraine
Konstantin Kilimnik.
#UnitedWithUkraine #StandWithUkraine
Paul Manafort & David Vitter were both working on behalf of Russian organized crime.
Mercury Public Affairs and The Barker Plan.
It is a Conspiracy to Defraud the United States.
Mercury Public Affairs and The Barker Plan.
It is a Conspiracy to Defraud the United States.
Paul Manafort & David Vitter were both working on behalf of Russian organized crime.
Mercury Public Affairs and The Barker Plan.
It is a Conspiracy to Defraud the United States.
What was William Barr doing in London and did it involve The Barker Plan?
Mercury Public Affairs and The Barker Plan.
It is a Conspiracy to Defraud the United States.
What was William Barr doing in London and did it involve The Barker Plan?
Paul Manafort & David Vitter were both working on behalf of Russian organized crime.
Mercury Public Affairs and The Barker Plan.
It is a Conspiracy to Defraud the United States.
#ArrestBarrNow
Mercury Public Affairs and The Barker Plan.
It is a Conspiracy to Defraud the United States.
#ArrestBarrNow
We tweeted in July about the development of a variant to the malware project Drovorub-A1 by Russian tech company AST (АСТ).
Drovorub-A1 was originally developed for the GRU 85th Main Special Service Center (85th GTsSS, в/ч 26165) and dubbed the 'Swiss Army Knife' for hacking Linux.
#APT28 #GRU #FANCYBEAR
#APT28 #GRU #FANCYBEAR
US agencies warned of the threat posed in a 45-page security alert released in August 2020 and companies such as Schneider Electric offered mitigation to customers in advance of fixes to their operating systems.
media.defense.gov/2020/Aug/13/20…
media.defense.gov/2020/Aug/13/20…
Hi!
For the past six months, @FlorianFlade and I've been working on a podcast. Today is release day of "Der Mann in Merkels Rechner". At its core, we wanted to answer one question: How exactly can you find out who is behind a hacking operation?
br.de/mediathek/podc…
(1/6)
For the past six months, @FlorianFlade and I've been working on a podcast. Today is release day of "Der Mann in Merkels Rechner". At its core, we wanted to answer one question: How exactly can you find out who is behind a hacking operation?
br.de/mediathek/podc…
(1/6)
We chose to focus on the intrustion of the 🇩🇪parliament in 2015. Hacked by #FancyBear/#APT28. Since there's an arrest warrant, you can tell the story front to back. The podcast has five episodes and is in German. I'm going to summarize key bits here, one thread per episode
(2/6)
(2/6)
We spoke with dozens of people, if possible, on-record, e.g.:
Adrian Nish (BAE Systems), he alerted the Germans
@nunohaien of Crowdstrike
Adam Hickey, Deputy Assistant Attorney General at DoJ
Dutch intel agency MIVD
Michael Hange, former head of @BSI_Bund
@ciaranmartinoxf
Adrian Nish (BAE Systems), he alerted the Germans
@nunohaien of Crowdstrike
Adam Hickey, Deputy Assistant Attorney General at DoJ
Dutch intel agency MIVD
Michael Hange, former head of @BSI_Bund
@ciaranmartinoxf
Developing" #Russia #Chia #Iran hackers targeting @realDonaldTrump @JoeBiden presidential campaigns
"foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated" per @Microsoft's @TomBurt45
blogs.microsoft.com/on-the-issues/…
"foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated" per @Microsoft's @TomBurt45
blogs.microsoft.com/on-the-issues/…
#Russia's #Strontium (also known as #FancyBear or #APT28) "has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants" per @TomBurt45
#China's #Zirconium "has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community" per @Microsoft 's @TomBurt45
Exklusiv: Der @GBA_b_BGH hat einen Haftbefehl gegen einen russischen Cyberspion erwirkt. Er soll am Bundestagshack beteiligt gewesen sein. Unsere @SZ @WDRinvestigativ - Recherche: sz.de/1.4891668 Mehr in diesem Thread ⬇️ #APT28 #FancyBear #Spionage #Justiz #BKA
Dmitriy Sergevevich Badin ist russischer Staatsbürger, geboren 1990 in Kursk, Russland. Er soll der Cyber-Einheit 26165 des russischen Militärgeheimdienstes #GRU angehören.
“Contacts were pulled from service member’s devices and family members have been getting threats and disturbing messages from hackers...deployed 82nd troops have been hacked and that messages were sent to family members to scare them.”
militarytimes.com/flashpoints/20…
militarytimes.com/flashpoints/20…
Strangely enough, you know who did the same thing against the spouses of US service members? Russia’s #GRU hackers, #APT28. Total false flag attack framing ISIS as an info op.
nbcnews.com/storyline/isis…
nbcnews.com/storyline/isis…
This would be surprisingly easy to pull off. Just look through public records of any troopers assigned to @Strike_Hold, send them phishing emails, gain access to their contact list and send emails. Spammers do this all the time (just not threatening emails).
Merry Christmas everyone.
Powerful synthesis of the evidence thus far on #Guccifer2 from @with_integrity:
Guccifer 2.0 Game Over – Year End Review
disobedientmedia.com/2018/12/guccif…
Powerful synthesis of the evidence thus far on #Guccifer2 from @with_integrity:
Guccifer 2.0 Game Over – Year End Review
disobedientmedia.com/2018/12/guccif…
A Christmas present that everyone who appreciates the truth will thoroughly enjoy.
disobedientmedia.com/2018/12/guccif…
disobedientmedia.com/2018/12/guccif…
Discussing the #Forensicator's first analysis of #NGPVAN:
"That study has been the subject of some controversy, although mostly built on conflating the findings with various interpretations of them, and with reporting on the study conducted by third parties."
"That study has been the subject of some controversy, although mostly built on conflating the findings with various interpretations of them, and with reporting on the study conducted by third parties."
#AssisesSI, J2 : in da place pour écouter @felixaime (chercheur @kaspersky) parler de l'enquête sur #OlympicDestroyer, le malware perturbateur de JO (cf mobile.lemonde.fr/pixels/article…)
Intéressant: les attaquants ont voulu se faire passer pour des pirates nord-coréens spécialisés dans le ciblage d'institutions financières (#Bluenoroff ou #APT38)
Où l'on retrouve #Sofacy a.k.a. #FancyBear / #APT28 et la galaxie autour (BlackEnergy, NotPetya, BadRabbit). #PoupéesRusses
