Discover and read the best of Twitter Threads about #notpetya

Most recent (8)

1/ Thread on diff #cyber skirmishes b/w #Russia and #Ukraine. Initially enlisting the ones alleged to Russia.

2014, Beginning of armed conflict in region started when Russia invaded and annexed the #Crimea Peninsula & started sp the regions of #Luhansk & #Donetsk.
2/ 2015, Post Russian invasion of the Crimean Peninsula, alleged Russian hackers managed to knock out electric power for around 230,000 customers in western Ukraine.
3/ 2016, Attackers repeated the same sequence, expanding the targets to incl govt & banking sector.
Read 13 tweets
NEW: "At best at the moment we have strategic warning...everyone knows there is a gathering storm" per US National #Cyber Director @ncdinglis, who tells @thecipherbrief summit agencies, private sector need something more
"We need to double down on resilience" per @ncdinglis to be better prepared for or able to avoid the next #Log4j
#Ukraine-#Russia-#Cyber: "We've seen this play before" per @ncdinglis referring to #notpetya

"We have to double down on collaboration...create relationships and muscle memory" to deal w/whatever crisis might unfold, he says
Read 4 tweets
A few words about how the current operation #attack13 is similar to or different from #notPetya and how it all looks inside Ukraine. A thread.
First of all, it is similar to the letter in the playbook:
1. Run wiper under ransomware disguise ✅
2. Run influence op to divert attention ✅
3. Pretend to be a patriotic hacktivist group ✅
4. Use supply chain provider for initial access ✅
Now, how it's different: one by one.
1. Unlike #notPetya, #attack13 seems a manual operation. notPetya looked more like a tsunami, unleashed either by mistake or with intent to cause maximum damage. The current MBR wiper seems to have no such goal and is precisely aimed at Ukrainian digital govt services.
Read 7 tweets
[THREAD] France's position on the public attribution of cyber-attacks is evolving
⬇️A few points to complement the threads by @jeangene_vilmer & @elise_vincent
1/ While the United States has publicly attributed some thirty incidents to China, Russia, North Korea and Iran since 2014 (cf. ⬇️), until recently France had always refrained from doing so.
2/ Many of its allies did not make that choice and have joined American denunciations on several occasions since 2017, notably in response to the #WannaCry #NotPetya #CloudHopper attacks and the attack against the OPCW.
Read 24 tweets
#Kollateralschaden (collateral damage) in the #Cyberkrieg (cyber war)

"...Companies are getting caught between the fronts of international hacking operations. And Germany? It does not want to protect companies, but would rather join in the hacking..." 1/x

Commentary by @maksumuto
sueddeutsche.de/digital/cybers…
"Experts say: anyone who did not update their system right away can assume that they now have a Chinese #Hintertür (backdoor) in their system..." 2/x

#Fronttür #Backdoor #YouNameIt 🤷‍♂️
"IT security companies do not have enough people to help all the firms that need help right now. One IT professional speaks of a kind of cyber #Triage, meaning help only for selected companies." 3/x
Read 14 tweets
The Iranian amateurs are scoring some quick hits, while their professionals are planning. I would expect to see some major impacts from both types of adversaries.
Iranian amateurs are going to have a field day with low hanging fruit. I doubt many of them are thinking about prosecution or retaliation right now, so expect to see a lot of attacks from 5kr1p7 k1dd13z, criminals, and probably some of their legitimate professionals.
Despite, or perhaps because of sanctions against them, Iran has one of the strongest STEM education programs in the world and is heavily investing in new technology. And right now these highly capable tech people are pissed off at the US. atlanticcouncil.org/blogs/iransour…
Read 16 tweets
Lessons learned from the #NotPetya cyberattack, by a former Maersk employee... Impressive... The malware took 7 minutes to infect all entities globally... #SSI
Microsoft's CISO contacted Maersk to tell them they had managed to break the encryption placed on the computers thanks to the Cloud... But it took them 22,000 hours for one machine... And each machine had a different key... Impossible to apply to 75k devices...
Monstrous impacts at Maersk following #NotPetya... 100% of the machines connected to the network were infected, Active Directory & DHCP infected, all the datacenters (even cloud), the online backups corrupted, etc.
Read 6 tweets
