The motive behind the Iranian Proud Boy operation is not transparent, but it's interesting that the email campaign and the video preyed on distinct fears from both sides of the partisan divide. 1/x
I'm not of the opinion that the emails were expected to keep a significant number of people away from the polls. I think it's more likely that they were designed to reinforce existing fears of voter intimidation. The focus here was probably Democrats. 2/x
The video began with the President's comments on the insecurity of mail-in voting before offering a dubious attempt to demonstrate a vulnerability in the mail-in voting process. This content appears to have been focused on fears from the other side of the aisle. 3/x
The goal of operations that prey on both sides is to broaden existing divides. By serving up something for everyone the sponsors of this operation undermine the whole democratic process. That's probably their primary aim. 4/x
2/ Meet @blar51, an incredibly talented cybersecurity practitioner you should all know! Born and raised in Detroit, MI, Brandon has an associate’s degree in Computer Networking from Washtenaw Community College and works at Proofpoint.
3/ @blar51 was introduced to computers through friends in the year 2000 and developed his skillset at a computer trade school.
Today's indictments are a laundry list of Sandworm's misdeeds, some of which were never officially recognized until now. They are the most aggressive actor I have ever encountered and they have been my greatest concern for the upcoming election. 1/x fbi.gov/wanted/cyber/g…
In addition to the 2016 US election interference, Sandworm was responsible for:
- Intrusions into US critical infrastructure
- Ukraine blackouts and other infrastructure targeting
- NotPetya
- MacronLeaks
- Pyeongchang Olympics attack
The latter two are very important right now. 2/x
The Pyeongchang Olympics attack was the culmination of a lengthy harassment campaign following Russia's ban from the Games in South Korea. Attacks on Olympic orgs began within hours of the decision. DDoS. They sent an away team to hack orgs from right outside. 3/x
The report calls Konstantin Kilimnik a Russian intelligence officer and suggests he may have been aware of the hack and leak operation. 2/x
Nice to see similar conclusions to our own show up in the report. In August 2016 we told Bloomberg that DCLeaks lacked the juice of Wikileaks to have the effects the GRU sought and so they pivoted. Reminder of the limitations of personas. Not as good as established sources. 3/x
We are releasing reporting on Ghostwriter, IO activity focused on Poland, Lithuania, and Latvia, which leverages false narratives and fabricated content often planted on compromised media sites. The activity is consistent with Russian interests. 1/x fireeye.com/content/dam/fi…
Ghostwriter began as early as 2017 and is still going strong, pushing anti-NATO sentiment on the frontiers of the alliance. NATO soldiers hosted in these countries are portrayed as carjackers and blamed for desecrating cemeteries. Now they are portrayed as COVID-19 carriers. 2/x
Quotes, images, documents are fabricated to provide bona fides to Ghostwriter narratives in a manner similar to Secondary Infektion, though we have not found a link. For instance, a letter from the Secretary General of NATO claimed NATO was leaving Lithuania due to COVID. 3/x
The indictment of two Chinese nationals who carried out intrusions for the MSS is full of interesting insights on the state of Chinese cyber espionage. 1/x justice.gov/opa/press-rele…
First off, consider the efficiency of this capability. Two guys responsible for stealing hundreds of millions in intellectual property. And better yet, they're contractors, so limited overhead for the PRC! 2/x
Not the first time we've seen an extortion scheme from contractor types. APT41 has done something similar when seeking to monetize their access. Being allowed to carry out crime while under the protection of the state is just one of the benefits of this type of relationship. 3/x
Some coalescing thoughts on Iran's cyber capability. The first is that while cyberattack (disruption/destruction) is on the table, the most consequential capability may be cyber espionage. There will be cyber espionage against gov/mil targets as well as personnel of interest. 1/x
Iran, like others, has recently focused on moving upstream by compromising telecoms and travel. That way they can identify and track specific people. These operations put people in physical danger, especially in terrorism scenarios. 2/x fireeye.com/blog/threat-re…
Some of this activity has been enabled by DNS shenanigans, which was a leap forward for their operations. This report discusses those operations as well as some we attribute to SeaTurtle, another actor. 3/x fireeye.com/blog/threat-re…