CyberWatchers
cyber security students interested in highlighting real world attacks
Jun 18 15 tweets 3 min read
Russian Federal State Unitary Enterprise Scientific Research Institute Kvant had sanctions imposed on it by the US Department of Treasury as part of EO13694 on 11 June 2018 (Blocking the property of certain persons engaging in significant malicious cyber enabled activities). According to Treasury press release sm0401 at the time, this was in response to Russian state-sponsored cyber-attacks alleged to have been targeting critical infrastructure.
May 31 13 tweets 3 min read
According to the Center for European Policy Analysis (CEPA), SyTech is a small company that has worked on contracts for the FSB 16th Center (Signals Intelligence unit 71330) since 2009. SyTech appears to be a private company but shares personnel and contracts with KVANT. The Kvant Scientific Research Institute was founded in 1978 and, though officially civilian, was under the control of the KGB. In the 2000s Kvant came under the control of the FSB, essentially the KGB by another name. Kvant was sanctioned by the US in 2018.
Apr 11 14 tweets 2 min read
Zeroday Technologies LLC, 0Дт, OOO ЗИРОУДЭЙ ТЕХНОЛОДЖИС, is a technology company that "specializes in the development of automation and information protection tools." A hack of the company in 2019 revealed contracts with FSB Center 12 and 18. Details in n0debreak.com/2023/04/01/mee… The company was founded in December 2011 by CEO Ruslan Radzhabovich Gilyazov, a member of the Information Security Faculty at Moscow State University, and is located in the Yasenevo Municipal District of Moscow.
Mar 22 7 tweets 2 min read
JSC InfoTeks is a leader in the Russian information security market. The company was formed in 1991; its founder and General Director, Andrey Anatolievich Chapchaev, attended the Higher School of the KGB and worked in the research division of the KGB between 1982 and 1991. InfoTeks has been sanctioned by the Council of the European Union for its work in creating systems and tools for Russian Security Services. In addition, the company has also been indicted by the US for enabling the malicious activity of Russian cyber actors.
Feb 13 12 tweets 2 min read
According to a CISA advisory, actors associated with FSUE TsNIIKhM are responsible for developing destructive ICS malware. TsNIIKhM has also been sanctioned by the US Department of Treasury for connections to the Triton malware. In 2021 the US indicted an employee of the institute, Evgeny Gladkikh, for installing TRITON malware on a safety system of global energy facilities and using techniques designed to enable future damage with potentially catastrophic effects on a Schneider Electric safety system.
Feb 9 7 tweets 2 min read
ZAO PASIT, Программно-аппаратные средства и технологии (Software, Hardware and Technologies), is a Russian tech company indicted by the US Department of Treasury. The company has a very rudimentary website which can be found at pasit.ru.
An EO was issued by the US DOT on 15 April 2021 which included targeted sanctions against Russian tech companies, including PASIT, that had given support to Russian Intelligence Services #RIS efforts to carry out malicious cyber activities against the US.
Jan 25 13 tweets 3 min read
St Petersburg-based JSC Centrinform has a long history of involvement with the #FSB, of note, activity connected to the TURLA malware campaign. The company, which has seventeen branches, was previously a subsidiary of FSUE, STC Atlas, also known as Atlas of the FSB. Between 2005 and 2007 the company was called FSUE Atlas of the Federal State Security Service and, according to Government documentation, was under the supervision of the FSB.
Sep 20, 2023 11 tweets 2 min read
Here is our latest thread highlighting the links between Russian Intelligence Services (#RIS) and Russian tech companies. Today we provide some details about Research and Production Center "DELTA" and its link to the #SVR.🧵
1/10 According to freely available Federal Tax Service information, the company was founded on 17 July 2003 by the Foreign Intelligence Service of the Russian Federation, better known as the SVR.
2/10
Sep 12, 2023 10 tweets 3 min read
Here is an updated chart following further research into the attempts by Ilya Medvedovsky to obscure his attempts to avoid sanctions imposed by the US DOT on his companies Digital Security (DSEC), ERPScan and Embedi that we first highlighted in
🧵1/9
As you can see, we have a new individual that has links to the subject companies. Dmitriy Chastuhin is a security analyst specializing in SAP, who has appeared as a speaker at multiple conferences when Director of Business Application Pen Testing at ERPScan. 2/9
Aug 24, 2023 17 tweets 3 min read
In 2018 Digital Security (DSEC), a Russian tech company, was hit with sanctions by the US DOT. Through online research we believe we have identified a network created by its leadership Ilya Medvedovsky, Dmitriy Evdokimov and Yevgeniya Klimina to apparently evade these sanctions. Sanctions were imposed on DSEC because of work conducted on a project that would increase Russia's offensive cyber capabilities for the Russian intelligence services, including the FSB. ERPScan and Embedi, subsidiaries of DSEC, were also sanctioned.
Jul 28, 2023 11 tweets 2 min read
Positive Technologies (Pozitiv Teknolodzhiz) was about to become a public company when it was hit with sanctions by the US Department of Treasury. The proposed sale would have resulted in owner Yury Maksimov becoming a billionaire. The sanctions, imposed in April 2021, were against six Russian Technology companies accused of supporting the efforts of the Russian Intelligence Services to carry out malicious cyber activities against the US, most notably the SolarWinds attack (attributed to #APT29 #CozyBear).
Jun 20, 2023 6 tweets 2 min read
It would appear that, despite some of the headlines in the press following the hack by Cyber Resistance, Sergey Morgachev wasn't as important as we had first thought.
informnapalm.org/en/hacked-russ…
From what we have heard he was head of his Department with some extra responsibilities supporting the Head of his section within the 85th GTsSS, not the Deputy Head of the entire unit, as Cyber Resistance had stated.
May 4, 2023 6 tweets 2 min read
Morenets is a senior official in the #85thGTsSS that is supposed to be a sophisticated state cyber hacking enterprise that should be operating with a high level of plausible deniability. It seems they are incapable of keeping their standards high enough to avoid detection/attribution based on the numerous instances of cyber activity which have recently been attributed to the #GRU.
May 4, 2023 4 tweets 2 min read
Continuing our thread on Aleksey Morenets...
Despite the mistakes made it may surprise you that Morenets still has a job in the #85thGTsSS, also known as #APT28 or Fancy Bear. It is our understanding that he is in charge of a Directorate involved in Cyber espionage.
May 3, 2023 8 tweets 2 min read
We would like to introduce you to Aleksey Sergeyevich Morenets, a #GRU officer indicted by the US along with 6 others in October 2018. He may look familiar to you? Here he is in our tweet of congratulations to Yevgeny Serebryakov, on GRU day, for his part in the failed attempted hack of the OPCW HQ in The Hague.
Mar 15, 2023 8 tweets 2 min read
We thought it was time to return to highlighting some of the tech companies with ties to the Russian intelligence services. Today we introduce you to Special Technological Centre Ltd. #STC #СТЦ In late 2016 STC was sanctioned by the U.S. in the amendment to Executive Order 13964 issued by President Obama.
Jan 17, 2023 7 tweets 2 min read
We tweeted in July about the development of a variant to the malware project Drovorub-A1 by Russian tech company AST (АСТ). Drovorub-A1 was originally developed for the GRU 85th Main Special Service Center (85th GTsSS, в/ч 26165) and dubbed the 'Swiss Army Knife' for hacking Linux.
#APT28 #GRU #FANCYBEAR
Oct 4, 2022 5 tweets 2 min read
We have become aware of a large #ICS/#SCADA malware project apparently conducted under a state contract on behalf of the Russian General Staff Main Intelligence Directorate (#GRU), Main Centre for Special Technologies (#GTsST), military unit 74455. This military unit, also known as #Sandworm, is located at the GRU Ulitsa Kirova facility in the Khimki suburb of Moscow. In the past Sandworm has targeted ICS/SCADA, one of the most renowned being the #INDUSTROYER2 hacking attempt of a Ukrainian electrical substation in April 22.
Jul 14, 2022 14 tweets 2 min read
If the Russian Intelligence Services work with other companies, which ones? According to the US, one company working with the FSB, GRU and SVR is Advanced System Technologies (AST). According to the US Treasury press release of April 15 21 (home.treasury.gov/news/press-rel…) AST is a "Russian IT security firm whose clients include Russian Ministry of Defense, SVR and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU and SVR."