Bellingcat
Feb 23 9 tweets 4 min read
New from Bellingcat and @the_ins_ru

An attack that made numerous Ukrainian government websites unreachable has been linked to GRU hackers. bellingcat.com/news/2022/02/2…
Independent threat researcher Snorre Fagerland, working in cooperation with Bellingcat and The Insider, identified a web service apparently serving as a command and control centre which has played a role in past cyber-attacks linked to Russian state interests.
The same website also hosted cloned copies of a number of Ukrainian government websites, including the main webpage of the Office of the President.
Other cloned (and modified) websites found on the service include those of the Ukrainian Ministry of Justice and of a government-run petition portal.
These cloned websites were created no earlier than November 2021, around the time when Russia’s latest round of escalations against Ukraine began.
Notably the cloned version of the site of the Ukrainian president was modified to contain a clickable “Support the President” campaign that, once clicked, downloads a package of malware to the user’s computer.
It is not certain what the purpose of the malware payload is at this time, nor whether the payload was operational or simply a placeholder for different malware to be deployed at a crucial moment.
The type of malware deployed on the cloned Ukrainian websites shows a link to previous cyber attacks on the Ukrainian government dating to April 2021, as well as on the government of Georgia.
A version of this story by @the_ins_ru can be read in Russian here: theins.ru/politika/248818

More from @bellingcat

Feb 24
If you're sharing videos and photographs from Ukraine with accountability in mind, please make an effort to share them with links to the source you're using, it greatly assists organisations who are verifying conflict incidents.
Wherever possible we're seeking to find where videos were posted originally, so we can understand the context they were originally posted in, and it helps us eliminate videos that are just old videos being reposted for clicks.
It also allows us to examine associated metadata, especially where videos have been shared on Telegram, which retains file metadata, unlike the majority of social media platforms.
Feb 24
This video showing damage to civilian apartment buildings was filmed at 49.850727, 36.659762 in Chuhuiv, near an airport that was the likely target of the attack. Civilian casualties have been reported from the attack attributed to Russian forces.
One of the reported victims of the attack is shown below. We'll continue to collect evidence related to this attack on civilians:
More images from this attack via AFP, at least one death reported.
Feb 23
Bellingcat is documenting incidents of potential disinformation arising on the frontlines between Russia and Ukraine: bellingcat.com/news/2022/02/2…
We will share what we find via a publicly accessible spreadsheet that will continue to be updated in the days ahead. You can view the spreadsheet here: docs.google.com/spreadsheets/d…
While the volume of videos and claims over recent days has been significant, we will look to add entries when incidents have been debunked or if claims contained within videos or images are inconsistent with other open source evidence or contextual data.
Feb 23
Bellingcat took part in this months-long investigation into #SwissArms alongside @LHreports @RadioTeleSuisse, @srfnews, @RSIonline & @NZZaS 👇
The investigation sought to track the use of Pilatus PC-12 aircraft in Afghanistan, the armoured vehicles of Mowag in Brazil and Sig Sauer rifles which appeared to be in the possession of Saudi forces in Yemen.
Read about how Pilatus PC-12s, initially exported to the US as civilian aircraft, were modified and sent to Afghanistan where they took part in military operations rts.ch/info/suisse/12…
Feb 19
You can check this yourself by downloading the two videos on Telegram from here:
t.me/pushilindenis/…
t.me/LIC_LPR/17431
Then uploading them to a metadata viewing site, like metadata2go.com, then you'll get lots of metadata, including when the files were created
Another example of a video published by separatists having a creation date days before the events shown are alleged to have occurred, this time a supposed Ukrainian attack on chlorine storage.
You can check the metadata of the video on metadata2go.com, and the original source with the metadata is t.me/nm_dnr/6192
This is the third example of a video published by separatists containing metadata that contradicts their claims.
Feb 11
The Radar Interference Tracker (RIT) is a new tool that allows anyone to search for active military radar systems

It has already proven useful in spotting potential movement of military equipment near Russia’s border with Ukraine – as @oballinger explains bellingcat.com/resources/2022…
The tool is free and designed to be intuitive to use.

If you are keen for a quick look to see what you can find (it covers the entire earth), you can access it here: ollielballinger.users.earthengine.app/view/bellingca…
But first a note on how the tool works