BREAKING: There are at least 2 separate hacking campaigns going on & focusing in on the #Twitter blue checkmark verification process. One appears to be #phishing based and another far more nefarious .. and possibly a state actor using Twitter DMs. More shortly. Be alert #infosec
All political candidates running & in office are typically Twitter verified (blue checkmark). Most major journalists are as well. This is a HUGE target 4 a #cyberattack by a nation state actor. This campaign which is still under the radar is very worrisome
Liz @lizthegrey has done great work on this. It's not clear how widespread this is but it has some very concerning network indicators. And it's significantly more sophisticated than the phishing email that is going around. #infosec #phishing #cybersecurity #malware #Election2022
We are now 8 days away from a MAJOR midterm election in the US with huge geopolitical implications. A number of Twitter verified accnts already admit they fell 4 one of these campaigns recently. This second found by @lizthegrey appears like a Twitter notification #infosec #OSINT
Here is where it gets really concerning: @lizthegrey identified the chain and it includes the IP 45.8.144[.]163 from Stark Industries ... many of you will recognize them from past campaigns. Using the fantastic @PassiveTotal #OSINT tool you can peel back the onion back to Russia
There are numerous domains (fake regs) involved that appear to be cycling through to new ones ... once one is caught. Best as we can tell none of the @/CaseNumber[0-9]{5} accounts on Twitter have been suspended.
startappealoctober[.]com
newappealstart[.]com
submitnewappeal[.]com
Again using the fantastic @PassiveTotal from @RiskIQ one can pivot off of the IP address & find the full list of newly registered (all fake registrations) domains created in the past week ..all likely to be pivoted to once a prior domain is discovered and blocked. #OSINT #infosec
Right after the 2020 election (in the heat of the #BigLie) the malign EOP campaign put out a hit list on people like CISA @C_C_Krebs. It has very similar network indicators to what we are seeing with this. Be alert & someone way smarter needs to look into this #infosec #osint
Thank you @twitter for taking quick action and taking these accounts down ... @CaseNumber01347 @CaseNumber01300 @CaseNumber01629 @CaseNumber01438 @CaseNumber01382 @CaseNumber01366 etc...
It was a mistake to lead this thread with the sophomoric Gmail #phishing campaign ... because apparently no one reads past the 1st tweet. Anyway I had a chance to speak to someone who fell victim to the 2nd more sophisticated campaign in my thread. Here is what they described.
The FBI identified Iranian hackers as the ones behind the EOP (Enemies of the People) op shortly after the Nov 2020 elections. Like we say in this thread there are A LOT of similarities in this current Twitter verification scheme (the non-gmail one) #infosec #osint thedailybeast.com/iran-behind-en…
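An added example, not part of the thread or written by its author: a triage helper that checks DM or notification records against the indicators quoted above (the `CaseNumber[0-9]{5}` handle pattern, the three defanged domains and the IP). The record layout (`sender`, `text`) and the sample records are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the thread (written there defanged, with "[.]").
THREAD_DOMAINS = {"startappealoctober.com", "newappealstart.com", "submitnewappeal.com"}
THREAD_IP = "45.8.144.163"
# "CaseNumber" plus exactly five digits, not embedded in a longer handle.
HANDLE_RE = re.compile(r"(?<![A-Za-z0-9_])@?CaseNumber[0-9]{5}(?![A-Za-z0-9_])", re.I)
HOST_TOKEN_RE = re.compile(r"(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z0-9-]{2,}(?:/\S*)?")

def refang(text):
    """Turn defanged forms ("[.]", "(.)", "hxxp") back into comparable ones."""
    text = re.sub(r"\[\.\]|\(\.\)", ".", text)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def hosts_in(text):
    """Yield lower-cased hostnames from URLs or bare host tokens in text."""
    for token in HOST_TOKEN_RE.findall(refang(text)):
        url = token if "://" in token else "http://" + token
        host = urlsplit(url).hostname
        if host:
            yield host.lower().rstrip(".")

def triage(record):
    """Return the sorted reasons a record matches the thread's indicators."""
    reasons = set()
    if HANDLE_RE.search(record.get("sender", "")):
        reasons.add("sender-handle-pattern")
    for host in hosts_in(record.get("text", "")):
        if host == THREAD_IP:
            reasons.add("thread-ip")
        # Exact host or a subdomain of it; lookalike prefixes do not match.
        elif any(host == d or host.endswith("." + d) for d in THREAD_DOMAINS):
            reasons.add("thread-domain")
    return sorted(reasons)

# Constructed sample records (not real messages).
SAMPLE = [
    {"sender": "@CaseNumber01347", "text": "Appeal here: hxxps://startappealoctober[.]com/form"},
    {"sender": "@CaseNumber013470", "text": "see help.twitter.com/forms"},
    {"sender": "@friend", "text": "is www.submitnewappeal[.]com legit? resolves to 45.8.144[.]163"},
    {"sender": "@friend", "text": "notstartappealoctober.com is unrelated"},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["sender"], triage(rec))
```

Because the thread reports the domains being rotated once one is blocked, the domain set covers only the three names quoted here, and the handle pattern and IP are the checks that carry over to a new domain.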

Thread by Eric Ellason 🇺🇲🇺🇦
