My buddies at GRU are at it again. Very creative bait this time, I almost believed it.. Good that I GOGLED the domain first.
(so the phishing bait implies the FSB - who control the Donetsk-based MGB) - are trying to hack my account. If this is GRU, it would be GRU using FSB as bait which is ironic.. If it's FSB themselves, it's just onanic)
So the "from:" domain is parked at reg.ru. But the active click-through payload domain is this. Interesting, a .ru google look-alike domain, meaning most targets are meant to be within RU. We saw something similar in a phishing campaign about six months ago.
These other domains are hosted on the same server. So, do not stay at Hotel Bono. You can only check in but you can't check out.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Christo Grozev

Christo Grozev Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @christogrozev

17 Sep
Putin's spokesman applauds @Apple and @Google's deleting of @navalny-linked apps.
Can't wait for @apple and @google's reactions when the Kremlin bans *them* in Russia (because that's coming).
An example of globalization playing in the hands of authoritarianism. The Netflixes and Apples and Amazons become hostages to revenue streams from non-free markets and then the broken concept of "legal sovereignty" closes the circuit.
Read 6 tweets
9 Sep
Ukrainian president's party MP says tomorrow there will be a closed parliamentary session on "the Wagner topic" followed by a press conference at 15:30 local time where "everything that can be legally said about the Wagnerites will be disclosed".
m.facebook.com/photo/?fbid=10…
Well it is kind of a historic day in Ukraine. The ruling party finally admitted there was a Ukrainian intel sting operation aimed at capturing Russian mercenaries outside RU territory. However, they say, the plans did not include landing a plane in Kyiv but arrests in Turkey.
Plus, they say, there was information that Russian security services were aware of the sting operation.
Well, this is a start. Leaves lots of unanswered questions, but it's a start. google.com/amp/s/nv.ua/am…
Read 4 tweets
21 Aug
In an exclusive interview, the brother-in-law of Vadim Krasikov (the person accused of the murder of Zelimkhan Khangoshvili in Berlin's Kleiner Tiergarten two years ago), tells us he positively recognized the person held in Berlin as his in-law.
Alexander V. from Kharkiv already testified in Berlin's court last month. However, there he stopped short of identifying conclusively the detained assassin as his in-law, Vadim Krasikov. Shortly after his court appearance, he contacted us to explain he didn't speak the full truth
Sadly, his email had gone into the proverbial spam folder, until we discovered it just days ago. We rushed to interview him in Kyiv: with journalists from @bellingcat, @derspiegel and @the_ins_ru questioning Alexander for hours.
Read 14 tweets
21 Aug
Now a more serious thread on the new "Novichok sanctions". First, I disagree with many of the comments that "sanctions against low-level staff are useless". On the contrary, I think individual name-and-shame sanctions are important to deter future recruiting efforts by FSB/GRU.
It's one thing when media publish names & photos of suspected poisoners; a new level of stigma when governments sanction them (and validate media's findings). These guys were promised protection, cover and anonymity by their employers. Now they're on public blacklists forever.
...the next job interviews for GRU and FSB's poison departments won't go smooth... thus much fewer Kudryavtsevs, Osipovs, and Alexandrovs to pick from...and those who apply will be the dumbest ones anyway.
Read 6 tweets
20 Aug
Hey UK Treasury, where's the hyperlink? :) ImageImageImageImage
By popular demand, as many of you asked "But what about [talkative overqualified laundry man Kudryavtsev??".. Here he is, in today's sanctions by the US Treasury. Image
Read 5 tweets
2 Aug
"Spanish shame" is the first thing that comes to mind while watching the chief of SVR's 80-minute interview with Kremlin's wannabe Rush Limbaugh. For starters, intelligence chiefs *don't* do 80-minute interviews, period.
There's literally nothing that an intelligence chief knows that s/he can say publicly. That's why they never do it. That means literally everything that Naryshkin rambled on was pure propaganda, with zero truth or news value.
I take that back - there is news value in his appearance. That the Kremlin patient would ask his intel chief to make a fool of himself says a lot about his degree of insecurity before next month's elections.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(