Ramona Profile picture
16 May, 16 tweets, 15 min read
‘Tricks With a Notorious Russian Spy Group’

‘Security researchers have found links between the attackers and #Turla, a sophisticated team suspected of operating out of Moscow’s #FSB intelligence agency.’

#VenomousBear
#Snake
#malware
#UNC2452
#DarkHalo
wired.com/story/solarwin…
“…believe the SolarWinds #hackers and #Turla aren't one and the same. But … one #hacker group at the very least ‘inspired’ the other, and they may have common members between them or a shared #software developer building their #malware.”

wired.com/story/solarwin…
“… That actually makes the connection more significant … ‘It’s more like handwriting. That handwriting or style propagates to different projects written by the same person.'"

#Turla
wired.com/story/solarwin…
“…Barring the improbable scenario that the SolarWinds hackers saw an earlier version of the #Kazuar malware that no one else in the cybersecurity industry spotted, that suggests #Turla & SolarWinds hackers are instead using tools that are part of the same chain of development.”
#Turla (aka #VenomousBear and #Waterbug) has been coordinating information theft and espionage campaigns as far back as 1996 & is the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, & the Finnish Foreign Ministry.”

bleepingcomputer.com/news/security/…
“The #Russian (specifically APT28, APT29, and #Turla) and North Korean (specifically Lazarus) threat actors are considered to be the most advanced groups of all due to their capability of using custom toolsets, adopting the latest attack techniques, & …”

portswigger.net/daily-swig/bey…
#Turla is ‘still actively developing complex and custom pieces of #malware in order to achieve long-term #persistence in their target’s network’…

Rather than one continued operation, the #espionage has come in waves.”

cyberscoop.com/turla-espionag…
#Turla “is reported to be part of Russia’s #FSB (formerly KGB) and has carried out a series of operations targeting government and military agencies in at least 35 countries since 2008”

aka
#Belugasturgeon
#Ouroboros
#Snake
#VenomousBear
#Waterbug
bankinfosecurity.com/russian-hackin…
“…It is also not the first time the group has used legitimate tools and services as part of its malicious infrastructure.

In December 2020, security firm ESET uncovered a #cyberespionage campaign by #Turla that deployed a #backdoor called "#Crutch" that used Dropbox resources”
“The malware was serious business, Cyber Command officials said…& likely already had been used to target embassies, foreign affairs ministries & other targets in eastern Europe and central Asia. It was believed to be used to steal sensitive documents…”

military.com/daily-news/202…
“…from infected systems and execute its own programs…

U.S. intelligence agencies have repeatedly identified Russia and Russian-aligned agents as the source of hacking operations around the world, and the [U.S.] has levied or threatened sanctions to try to deter such attacks.”
"'The #APT customers, #Turla, APT28, and Buhtrap, are all commonly linked to Russia and it is interesting to find that even these advanced groups purchase exploits from exploit authors, instead of developing them in-house,’ the researchers say.”

zdnet.com/article/resear…
“The #cyber-intrusions are especially directed at those that focus on international affairs or national security policy … perhaps unsurprisingly, given the geopolitical nature of #APTs, which tend to be backed by nation-states.”

exfiltrate data
#Turla
threatpost.com/think-tanks-at…
“… #Turla, another Russian #APT, was attacking think-tanks & others by exploiting enterprise-friendly platforms — most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web – in order to steal business credentials & other sensitive data.”

threatpost.com/think-tanks-at…
SolarWinds “is a perfect example of a state or state-sponsored actor turning their resources to cyberattack. Unlike typical cybercriminals, threats at this level have almost unlimited resources and target virtually anything that may forward their agenda.”

threatpost.com/feds-russia-cu…
#Turla has also been known to use satellite-based Internet connections to cover its tracks. … researchers observed Turla using what was then a zero-day vulnerability in Window to infiltrate European government and military computers.”

arstechnica.com/information-te…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ramona

Ramona Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @desderamona

15 May
Yury #Maksimov
Founder & CEO
Positive Technologies

#Maximov
app.qwoted.com/sources/yury-m…
#Maximov Yury Vladimirovich

board member, founder, shareholder Positive Technologies company

“born in the city of Fryazino of the Moscow region. Graduated from physical faculty of Lomonosov Moscow State University (MSU) & a postgraduate study of MSU.”

tadviser.com/index.php/Pers…
“…Together with Dmitry #Maximov and Evgeny #Kireev worked on creation of the first versions of the intelligent XSpider scanner, popular development of Positive Technologies company, was an initiator of creation and took active part in formation of a system of…MaxPatrol.”

#PTCo
Read 15 tweets
15 May
Le Mont-Saint-Michel

“tidal island and mainland commune in Normandy, France.”

#UNESCO site
1979
en.wikipedia.org/wiki/Mont-Sain…
“From 966 onwards, the dukes of Normandy followed by the French kings, supported the development of a major Benedictine abbey on Mont-Saint-Michel. Magnificent monastic buildings were added throughout the Middle Ages, one vertiginous wing in particular…”

en.normandie-tourisme.fr/unmissable-sit…
“Perched on a rocky islet in the midst of vast sandbanks exposed to powerful tides between Normandy and Brittany stand the 'Wonder of the West', a Gothic-style Benedictine abbey dedicated to the archangel St Michael, and the village that grew up in …”

whc.unesco.org/en/list/80/
Read 4 tweets
14 May
Douglas Vincent #Mastriano
1964

#PA State Senator
#Pennsylvania's 33rd District
2020 re-elected
2019 special election

Ret. Colonel
United States Army
2017

“Mastriano has sometimes been described as a Christian nationalist.”

#PAGOV2022
en.wikipedia.org/wiki/Doug_Mast…
#Mastriano

Ph.D., history
University of New Brunswick
2013

Master's, strategic studies
U.S. Army War College
2010

Master's Degrees
2001 airpower theory
2002 military operational art & scienc
Air University
2002

Master's degree
strategic intel
Joint Intelligence College
1992
#Mastriano has appeared on Tucker Carlson, C-Span, numerous national radio programs (John Batchelor Show, Eric Metaxas Show) & on Fox Business with Stuart Varney.  He retired from the U.S. Army in November 2017 after 30 years of active duty as a Colonel”

senatormastriano.com/biography/
Read 42 tweets
13 May
7 March 2020

‘Erik Prince Recruits Ex-Spies to Help Infiltrate Liberal Groups’

‘Mr. Prince, a contractor close to the Trump administration, contacted veteran spies for operations by Project #Veritas, the conservative group known for …”

Richard #Seddon
nytimes.com/2020/03/07/us/…
‘… known for conducting stings on news organizations and other groups.’

“occasionally using Mr. #Seddon to make the pitch — Mr. Prince said he wanted the Project #Veritas employees to learn skills like how to recruit sources and how to conduct clandestine recordings”
21 Oct 2020

‘Ex-Spy Was Central to Project #Veritas Hiring Effort, Testimony Shows’

‘A British former intelligence officer was said to have recruited and interviewed potential hires as the conservative group sought to have former spies train employees.’

nytimes.com/2020/10/21/us/…
Read 11 tweets
13 May
New Concept Weapons #NCW
Directed Energy #Weapons #DEW
Force multiplier
New sword
Invisible card
People’s Liberation Army #PLA
PLA Strategic Support Force #PLASSF
new #technology testing
Disruptive #technologies
#Space Engineering University
#Chinese academic and military
#China
Force multiplier

Intelligent network and electromagnetic spectrum attack and defense weapons

“Computer chip virus” weapon

New-type psychological intervention/warfare weapons
noise intervention
holography display

Nanosatellites for intelligence collection

#China
#ChinaNCW
Read 5 tweets
12 Apr
“The Logan Circle Group is headed by Harlan #Hill, another Trump advocate, who was banned last fall from appearing on…Fox News … after he tweeted that Vice President ‘Kamala Harris comes off as such an insufferable lying b----. Sorry, it's just true.’”

cnbc.com/2021/04/09/mat…
‘Gaetz-tied group threatens to sue reporters writing on his Trump relationship’

‘The Logan Circle Group warned journalists they risked a lawsuit if they didn’t retract reports that Trump was distancing himself from the embattled congressman.’

Harlan Hill
politico.com/news/2021/04/0…
“… The official behind the recent legal threats is Erin #Elmore, a colleague of #Hill’s at the Washington-based consulting firm and a Season 3 contestant on ‘The Apprentice.’”

politico.com/news/2021/04/0…
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(