Share this page!

Dmitri Alperovitch Profile picture
Twitter logo
19 Dec, 5 tweets, 1 min read
It strikes me that how we respond to the #SolarWindsHack strategically, in public messaging, and in some ways, even tactically, would be vastly difference had we believed it was GRU, and not SVR intelligence service who was behind it 1/
The reason being that SVR, unlike GRU, has no post Soviet history of conductive destructive attacks or attacks that violate established norms (in cyber or physical worlds).

Another reason probably being that SVR is a civilian intelligence agency, not a military one 2/
This yet again highlights the critical importance of attribution for both strategic and tactical decision making in government and private sector alike.

And the importance of specificity of attribution on multiple levels. Nation State vs Criminal, RU vs CN, GRU vs SVR 3/
A lot of the people currently making unhelpful and dangerous comments such as “this is war” or “we need to punch back” are not making the GRU vs SVR distinction and are treating attribution as simply “The Russians” 4/
This also should serve as an important reminder for Western governments about selection of the right agency for specific offensive cyber missions (ex NSA/CIA vs USCYBERCOM) so as not to send the wrong signal to the adversary about the goal of the operation 5/5

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Dmitri Alperovitch

Dmitri Alperovitch Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @DAlperovitch

Dmitri Alperovitch Profile picture
15 Dec
#SolarWinds hack update thread.

One word of caution, particularly for reporters publicizing hack victims. Many of the Orion platform customers have downloaded the backdoored update and it would have likely eventually contacted the C2 servers 1/4
Those backdoors and C2 connections are now being discovered by IR teams that are searching logs and systems for indicators published by @FireEye. However, this discovery does not necessarily mean the attackers did anything damaging to that organization 2/4
@FireEye In fact, most appear to have done a DNS lookup to the C2 server and received back a ‘kill switch’ response that indicates the adversaries had no interest in that victim 3/4
Read 4 tweets
Dmitri Alperovitch Profile picture
8 Dec
With the Fireeye breach news coming out, it's important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9 1/
Security companies are a prime target for nation-state operators for many reasons, but not least of all is ability to gain valuable insights about how to bypass security controls within their ultimate targets 2/
The biggest news here for me is the admirable standard that Kevin Mandia and @Fireeye team is setting in rapid and transparent disclosure of the intrusion, as well as release of red team tools stolen by the adversary 3/
Read 5 tweets
Dmitri Alperovitch Profile picture
16 Jan
Prediction for 2024 in Russia based on yesterday’s news:

Medvedev comes back into a now much weakened position of President

Putin steps back to a now very powerful position of Chairman of Security Council, a General Secretary of the Politburo of sorts 1/
Medvedev is the only successor that Putin truly trusts given their very long history together going back to St Petersburg in early 90s. Plus the presidency will be much weaker and will be of limited threat to Putin himself 2/
Putin’s very powerful new role as Chairman of Security Council will give him full control of the security forces (the only thing that matters for hanging on to true power, while allowing to step back from the boring and mundane job of running the country 3/
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @DAlperovitch has new unrolls!

Check out other threads from @DAlperovitch!

Read all threads by @DAlperovitch