Share this page!

Eric Geller Profile picture
Twitter logo
16 Nov, 7 tweets, 2 min read
New: The Belarusian government is behind a wide-ranging campaign of cyberattacks on its Eastern European neighbors, @Mandiant says. subscriber.politicopro.com/article/2021/1…

Attacks targeted Ukraine, Lithuania, Latvia, Poland, and Germany, as well as Belarusian journalists and dissidents.
In research presented at @CYBERWARCON, Mandiant said it's attributing these attacks to Belarus based on technical evidence and the fact that the targets are "most consistent with Belarusian interests."

Some Belarusians targeted before disputed 2020 election were later arrested.
Mandiant said it had “sensitively sourced technical evidence” that the operation was based in Minsk, as well as “separate technical evidence” specifically linking the Belarusian military to the campaign.
These cyberattacks involved fake websites imitating popular domains, including those of major U.S. tech companies, Eastern European governments, and regional email services.

The fake sites asked for people's login credentials.

Hackers also used proprietary malware.
At first glance, these attacks might look like they're coming from Russia. But Mandiant said there was no technical overlap between the operation and known Russian groups.

The findings underscore how more authoritarian govts are following Russia's lead in using cyberattacks.
In its report, Mandiant also said it had moderate confidence that Belarus is behind the "Ghostwriter" information operations campaign that has sought to discredit and undermine NATO in Eastern Europe.

(see also: mandiant.com/resources/espi…)
Ghostwriter messaging has specifically focused on Belarus' neighbors, Mandiant said, whereas Russia's anti-NATO information operations have been broader.

For example, Ghostwriter has practically ignored Estonia, which doesn't border Belarus.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Eric Geller

Eric Geller Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ericgeller

Eric Geller Profile picture
16 Nov
New: FBI Cyber Division chief Bryan Vorndran told House Oversight in written statement for the record that Biden admin is “troubled” that cyber incident reporting mandate doesn’t set up simultaneous reporting to CISA *and* FBI.

Story with @woodruffbets: politico.com/news/2021/11/1…
Going beyond what he said at the still-ongoing hearing, Vorndran's statement says the current legislation “fails to recognize the critical expertise and role” of DOJ/FBI.

Both CISA and the FBI “should immediately receive all information mandated to be reported,” Vorndran wrote.
Needless to say, this could throw a wrench into the plan to pass the painstakingly crafted incident reporting mandate that is in the House NDAA and is expected to be folded into the Senate NDAA soon.

I've asked the legislation's sponsors if they'll rework the provisions.
Read 8 tweets
Eric Geller Profile picture
16 Nov
New: The hackers behind a watering-hole campaign against targets in the Middle East may be using software from the Israeli spyware firm Candiru, recently targeted by U.S. export restrictions, according to @ESET: subscriber.politicopro.com/article/2021/1…
In research being presented today at @CYBERWARCON, ESET experts say an IP address linked to Candiru in a recent @citizenlab report has ties to two of the malicious domain names in the watering-hole attacks.
These watering-hole attacks spoofed websites of Yemen’s parliament & interior ministry, Iran’s foreign ministry, Syria’s electricity ministry, @MiddleEastEye, and Hezbollah-linked TV channels.

Fake sites delivered malware that exploited web browser vulnerabilities.
Read 4 tweets
Eric Geller Profile picture
16 Nov
The House Oversight Committee is about to convene a hearing on ransomware attacks with @ncdinglis, CISA's Brandon Wales, and FBI's Bryan Vorndran: oversight.house.gov/legislation/he…

Ahead of the hearing, House Oversight has released a staff memo on recent attacks: oversight.house.gov/sites/democrat…
House Oversight hearing on ransomware attacks is starting now:

I'll tweet highlights.
“We are at a tipping point," House Oversight chair Carolyn Maloney says. "Cyberattacks have become more common and potentially more damaging."
Read 22 tweets
Eric Geller Profile picture
16 Nov
📅🎂🎉 It's @CISAgov's third birthday. "Cyber is, to a large extent, where it's at nowadays," then-President Donald Trump said as he signed the CISA establishment bill into law. subscriber.politicopro.com/article/2018/1…
@CISAgov Two years and one day after creating CISA (i.e. one year ago tomorrow), Trump fired CISA's director, @C_C_Krebs, for debunking his election fraud lies, throwing CISA into the partisan Trump-era turmoil that it had successfully avoided since its creation. politico.com/news/2020/11/1…
A year after Krebs' firing, CISA is on firmer footing and playing a key role in the implementation of Biden's sweeping cyber EO.

Just this morning, CISA released EO-mandated "playbooks" to guide agencies' responses to vulnerabilities and cyberattacks. cisa.gov/news/2021/11/1…
Read 4 tweets
Eric Geller Profile picture
2 Sep
Scoop: Senate HSGAC is working on a bill that combines the House's industry-friendly cyber incident reporting legislation w/ a bunch of programs to tackle ransomware.

Raises Qs about what happens to Warner/Rubio/Collins bill, which industry doesn't like.

subscriber.politicopro.com/article/2021/0…
The big stuff in the HSGAC bill:

* The House Homeland incident reporting legislation, with some tweaks and additions
* "Due diligence requirement" for companies facing ransom demands
* Ransomware task force
* "Ransomware vulnerability warning pilot program"
Due diligence req:

Before paying a ransom, a company would have to determine whether it could recover from the attack “through other means,” including by seeing if experts have published a decryption tool that works for them.

It would have to report to CISA on this process.
Read 17 tweets
Eric Geller Profile picture
2 Sep
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, is about to speak at the White House press briefing.
Neuberger: "We want to take a moment to encourage organizations to be on guard for malicious cyber activity in advance of the holiday weekend. To be clear, we have no specific threat information or information regarding attacks this weekend, but what we do have is history."
Neuberger notes that history shows that hackers often target companies over holiday weekends, when security operations centers may be understaffed or otherwise unprepared.
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @ericgeller has new unrolls!

Check out other threads from @ericgeller!

Read all threads by @ericgeller

:(