Gordon Corera @gordoncorera
Breaking - Dutch intelligence (with help of British) disrupted a Russian GRU cyber operation targeting OPCW on April 13th. Four Russian intelligence officers escorted out of country.
MORE - Investigation of laptop of one of four Russian intelligence officers found it was also active in Brazil, Switzerland and Malaysia. In Malaysia it was used to target the investigation into MH-17 crash.
More details will come from a US DOJ indictment this afternoon, Dutch government says. Unusual to release details of a counterintelligence investigation, Dutch say, but it's because they want to send a clear message that Russia must stop these operations.
GRU was planning a 'close access hacking operation' targeting the wifi-network of the OPCW
4 Russian individuals came to Netherlands on diplomatic passports in April. It became clear were GRU officers. Press conference being shown pictures of the men arriving at airport - all are being named. Two cyber operators had sequential passport numbers. Accompanied by 2 others
Intelligence supplied by UK helped show they were planning a close access hacking operation at the OPCW using a new technique. Found equipment in car boot used to intercept people's log-ins. Antenna was pointed at OPCW
When equipment was turned on there was a threat to OPCW and so arrested and deported. How can we be sure not on holiday, asks Dutch intelligence chief in a reference to the RT interview of the Salisbury duo? They carried multiple phones and tried to destroy one when arrested.
Men had specialist equipment. One of their cell phones activated in Moscow in April – near the GRU. One carried a taxi receipt for journey from street right by GRU to the international airport on 10 April.
Laptop data showed other trips. Present in Lausanne linked to hacking of a WADA conference laptop. Also present in Malaysia at hotel where those looking into MH-17 crash based. Also may have been intending to go to Switzerland after Netherlands - probably to Spiez lab.
Team deported were from GRU Unit 26165 – same as APT 28, says UK official. Another unit is Sandworm - active remotely from Russia. It was active after Salisbury – In March it tried to compromise UK foreign office computer systems and in April targeted DSTL and OPCW
US DOJ will disclose charges this afternoon against Russian intelligence officers, says Dutch defence minister. Also Russian Ambassador has just been summoned to Dutch Ministry of Foreign Affairs to be told behaviour unacceptable
Just asked Dutch intelligence chief if target was Skripal investigation - he says it is impossible to be sure from technical evidence but it is the case they were trying to target the OPCW at the time it was investigating the Skripal case and the Douma case in Syria
One addition - intelligence from GRU laptop shows at a conference in Lausanne not just World Anti-Doping Agency hacked and then infected with APT 28 malware but also International Olympic Committee
FBI has a useful guide to how the GRU 'Close Access' kit found in the car in The Hague worked. Members of GRU Unit 26165 certainly got their air miles - Rio, Malaysia, Amsterdam, Switzerland.
Not sure as simple as saying GRU ‘sloppy’. Only caught as w. intelligence watching them from the start or else they would have got away with it. Not cleaning up laptop from previous jobs does look a mistake though. That left a lot to analyse but only as they had to abandon it
British intelligence certainly involved but no one in UK or Netherlands saying how they got onto the GRU team in the first place.......that will be what worries GRU most....