Stories include 👀
1️⃣ Mandiant’s insights on attacker operations from the frontlines
2️⃣ Ukraine holds the line against 🇷🇺’s cyber operations
3️⃣ Uncommon techniques, successful hacks
4️⃣ DPRK getting 🔐coin
5️⃣ Red Team vs the ☁️
6️⃣ 🎓 APT 42
↪️👩🏼💻 Attackers are using what works in the region that’s being targeted.
↪️Perimeter device #exploits 💥were used at a higher frequency in 2022.
↪️ Ransomware may be down, but specific ransomware families are proving to be formidable opponents.
Slava Ukraini 🌻
↪️Mandiant breaks down 🇷🇺 cyber ops into 5 main phases.
↪️ Many attributed groups conducting campaigns - even #UNC2589 & #APT28 prior to the invasion.
↪️ 👀 Hacktivism, ICS targeting, wiper malware, info ops, oh my!
DPRK, don’t take the money 🎶
↪️ Crypto has always been useful to them, but 2022 was a particularly lucrative year.
↪️ #UNC1130 conducts some gnarly phishing campaigns.
↪️Think twice before you open that #linkedin message, it’s probably UNC2790!
A year of hacks 😭😭😭
↪️ Less sophisticated actors should not be underestimated.
↪️ Cyber criminals can be focused on notoriety over financials, which leaves room for opsec fails
↪️ Attribution is hard - reuse of tooling, persona tracking and shared TTPs make it so
Red Team vs ☁️
↪️ As the 🌎 moves into the ☁️, so do attackers.
↪️ You no longer have to guess how attackers are able to move through your ☁️ environment!
↪️ Your ☁️ environment has a lot of juice… and attackers will be looking for it.
Campaigns and 🌎 Events!
↪️ SO. MANY. CAMPAIGNS!
↪️ APT29 goes phishing, Blasting BASTA ransomware, USB-based compromises causing chaos.
↪️ Deep dive into Notable Vulnerabilities and how they rank on the “should I be scared?” meter.
Cue Pomp and Circumstance, #APT42 has graduated to a full grown cat.