The #Russophobia theme emerged on a #RussiaTimes interview with #DmitryBabich and in June 2022 with FSB-directed #Southfront. This appeal to ethnic Russians could drive tension between them and US govt, possibly motivating a hack-and-leak or hack-and-fake #OctoberSurprise. 2/7
Russian state-controlled media are diversifying existing infrastructure through registration of alternative website domains – website “mirrors” – and are increasingly using country code Top Level Domains within existing infrastructure. Chart shows mirror mentions for #Sputnik 3/7
A recent #China sponsored political influence campaign criticized both #GOP and #Democrat while promoting extreme views on both sides. For example, the Pacific Dialogue account on #Douyin hosts 600+ #propaganda videos featuring Westerners criticizing the US. 4/7
Throughout 2022, #RecordedFuture has observed low level chatter from Chinese overt influence accounts mentioning US Congress members, such as Andre Carson for his criticism of #CCP policies and Tammy Duckworth for her official visit to #Taiwan. 5/7
When US House Speaker Nancy Pelosi took an official delegation to Taiwan in early August 2022, China’s overt influence accounts spiked in mentions of “Nancy Pelosi” with increased criticism and threats: “unncessary” “provocative” “wreckless” 6/7
Malign foreign influence operations on US domestic affairs are not a new phenomenon and they do not start/stop with an election cycle – rather they persist in hopes to influence US policy and undermine US global standing. 7/7 Read the full report: bit.ly/3ew3zhN
• • •
Missing some Tweet in this thread? You can try to
force a refresh
In H1 2024, threat actors refined their tactics and introduced new techniques to evade detection and disrupt defenses. Zero-day exploits & sophisticated malware dominated the landscape. Here's what we observed 👇
Newly disclosed vulnerabilities in Ivanti, PAN-OS, and Windows SmartScreen were heavily exploited, even after patches were released. The availability of proof-of-concept (PoC) exploit code fueled persistent targeting.
Infostealers like LummaC2 led the malware landscape, while ransomware strains such as Fog & RansomHub introduced passwords to validate payload execution, hindering detection.
At peace and war, China’s #cyber activities alter its target’s actions with threats to punish unwanted behaviors and apply pressure to coerce. Insikt Group® analyzes the 2 elements of #weishe theory in its application against Taiwan and more. 1/5 Read: bit.ly/3VjLQd1
In weishe, coercion comprises two distinct theories of action to change the behavior of a target: #Deterrence and #Compellence. Deterrence uses the threat of punishment to prevent undesirable actions, and compellence wields punishment to motivate desirable behavior. 2/5
An instance of cyber coercion might be the #defacement attack on public TV screens in #Taiwan in response to the Taiwan visit of the US Speaker of the House of Representatives Nancy Pelosi in August 2022. 3/5
Discover multinational #InfluenceOperations at work. See how #Iran and #Venezuela can use state-sponsored media outlets, social media influencers, proxies, surrogates, and political activists in the #AlexSaab influence campaign. Read full report: bit.ly/3EPYPhv 1/8
Insikt Group® identifies four phases of a multiyear influence campaign centered around indicted Alex Saab, the alleged financier and special agent to Iran for the Nicolás #Maduro regime. The Alex Saab timeline shows significant events from indictment to postponed trial. 2/8
Saab, an alleged conduit of Hezbollah operations extending into Latin America, is a Colombian and Venezuelan businessman wanted by Colombian law enforcement since 2018. Maduro appointed him a special envoy to Iran after a corruption designation (by OFAC). 3/8
Recorded Future analysts monitor targeting of ethnic and religious minorities by Chinese state-sponsored groups. In the first half of 2022, #TA413 exploited zero-days #Follina and CVE-2022-1040 with new custom backdoor #LOWZERO in Tibetan targeting. 1/9 bit.ly/3LwzoDf
#MalDoc lures, in Tibetan language, pose as applications for compensation, contest... This one sent from tibet[.]bet was weaponized with #RoyalRoad SHA 028e07fa88736f405d24f0d465bc789c3bcbbc9278effb3b1b73653847e86cf8, drops #LOWZERO and contacts hardcoded C2 45.77.19[.]75. 2/9
Sent from the same domain, this lure has #phishing email links to tibet-gov.web[.]app posing as the Tibetan government-in-exile. Sent in 2 waves, the 1st email links to .docx attachment hosted on Google Firebase which attempts #Follina via the ms-msdt MSProtocol URI scheme. 3/9