Positive Technologies, the Russian security firm sanctioned this wk for allegedly helping Russian spies hack the US, has for yrs belonged to Microsoft's MAPP program, which gives security vendors advance access to info about vulns and proof-of-concept code zetter.substack.com/p/sanctioned-f…
Although the allegations against Positive Technologies cited by the Treasury Dept were vague, a little-seen report published by the Atlantic Council last month appears to provide much more detail about the activities that may have led to the sanctions against the company.
That report doesn't name Positive Technologies at all, instead it uses a code name - ENFER - to refer to a Russian security firm aiding Russian spies. ENFER has allegedly reversed/repurposed malicious code found on Russian gov networks to create exploits for other intrusions.
ENFER also allegedly created exploits for SS7. It developed the techniques while performing security defensive services for a prominent Russian telecom client. The techniques were then used on other telecom networks including in Middle East and provided to other state services.
According to report, ENFER offers legit code-auditing services, pen-testing, vuln research and threat intel to corporate/gov clients, while giving weaponized exploits to Russian gov. The work is done “in response to direct tasking by officers of the FSB on specific projects"
The work ENFER does for the FSB allegedly includes development of offensive tools for conducting system and network reconnaissance and exfiltrating documents, infrastructure engineering, and even managing command and control servers.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Kim Zetter

Kim Zetter Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @KimZetter

15 Apr
Pfizer CEO said during panel today that people will have to get a third "booster" shot of the Covid vaccine 6-12 months after receiving the two initial shots, and then potentially everyone will have to be vaccinated again each year facebook.com/watch/live/?v=…
"There are vaccines that are like polio that one dose is enough... and there are vaccines like flu than you need every year," he said.

"The Covid virus looks more like the influenza virus than the polio virus."
Biden official said something similar this morning. "Dr David Kessler, the Biden administration's chief science officer of COVID response, said that Americans should expect to receive booster shots, especially as variant continue to spread."
Read 5 tweets
12 Apr
The blackout at Natanz nuclear facility in Iran was caused by explosives, not a cyberattack. "a large explosion that completely destroyed the independent—and heavily protected—internal power system that supplies the underground centrifuges nytimes.com/2021/04/11/wor…
"The officials, who spoke on the condition of anonymity to describe a classified Israeli operation, said that the explosion had dealt a severe blow to Iran’s ability to enrich uranium and that it could take at least nine months to restore Natanz’s production."
Clarification: the story says the blackout was caused by a large explosion. Theoretically such an explosion could be triggered by a cyberattack, depending on how it's done. But this sounds like it was physical sabotage rather than cyber. TBD
Read 5 tweets
11 Apr
Announcing the creation of Sidechannel, a new Discord channel that seven other writers and I will be launching soon for paid subscribers to our publications. You can join the discussion by subscribing to zetter.substack.com or any publication by one of the writers below.
Other writers/pubs on SideChannel are:

Platformer @CaseyNewton
platformer.news

Galaxy Brain @cwarzel
warzel.substack.com/p/welcome-to-g…

Newcomer @EricNewcomer
newcomer.co

Hot Pod @nwquah
hotpodnews.com

Culture Study @annehelen
annehelen.substack.com
Read 4 tweets
1 Apr
CEO of the Associated Press says the international news service experienced unprecedented cyber "attacks" during the 2020 election. This included 10,000 daily phishing attempts and an average of 1.8 million web-based “attacks” per month. zetter.substack.com/p/ap-says-it-e…
They “came in withering numbers,” were sophisticated, and came from Pakistan, Taiwan and “most especially the Russian Federation” among others. In 2016, AP was hit mostly w/ DDoS attacks. In 2020 they were more sophisticated attempts to “find backdoors" in AP platforms/systems.
AP plays critical role in election reporting and is obvious target for anyone wanting to disrupt results/create confusion. AP feeds content to 12,000+ media outlets around world and counted/compiled votes in 7,000+ US elections in 2020; it's often first to call winner in races.
Read 4 tweets
1 Apr
Another water system hacked - this one in Kansas. Former employee charged w/ gaining remote access and performing activities "that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures," per indictment. justice.gov/usao-ks/pr/ind…
Wyatt Travnichek was employed by Ellsworth County Rural Water District (aka Post Rock Rural Water District) for 1 yr before resigning in Jan 2019. On March 27, 2019, Post Rock experienced an unauthorized remote intrusion resulting in the shut-down of the facility’s processes.
Post Rock Water District serves more than 1,500 retail customers and 10 wholesale customers over eight Kansas counties. Post Rock’s processes include cleaning and disinfecting customers’ drinking water. In shutting down the cleaning processes, it could have affected public health
Read 4 tweets
1 Apr
We've been hearing a lot about a surveillance gap since SolarWinds hack was exposed. Officials call it a “blind spot,” a "visibility" issue and an authorities “gap." But they've been vague about what they mean by it. Turns out it's not quite what you think zetter.substack.com/p/mind-the-gap…
I spoke w/ former NSA General Counsel Glenn Gerstell about the surveillance gap, and it turns out it's not about not being able to see into US private-sector systems at all, but about FBI not being able to get a warrant quickly enough or get one when there isn't probable cause.
Gerstell described hypothetical: NSA sees data leave US computer and go to one in Europe; then data leaves Europe computer and goes to one in Russia. Suspects it's intel stolen by foreign power but doesn't have evidence for probable cause emergency access to US computer to verify
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!