Discover and read the best of Twitter Threads about #APT28

Most recent (14)

Continuing our thread on Aleksey Morenets....
Despite the mistakes made, it may surprise you that Morenets still has a job in the #85thGTsSS, also known as #APT28 or Fancy Bear. It is our understanding that he is in charge of a Directorate involved in cyber espionage.
We have heard that his staff are not happy with his management. We know that in the lead up to the war with Ukraine staff had their working hours extended by Morenets while he remained on regular hours.
Read 4 tweets
🚨 @Mandiant’s M-Trends is here!! 🚨

Stories include 👀
1️⃣ Mandiant’s insights on attacker operations from the frontlines
2️⃣ Ukraine holds the line against 🇷🇺’s cyber operations
3️⃣ Uncommon techniques, successful hacks
4️⃣ DPRK getting 🔐coin
5️⃣ Red Team vs the ☁️
6️⃣ 🎓 APT 42
Read M-Trends today!

🔗 mandiant.com/m-trends

You know you want the ☕️
🔑 Takeaways

By The #️⃣

↪️👩🏼‍💻 Attackers are using what works in the region that's being targeted.
↪️Perimeter device #exploits 💥were used at a higher frequency in 2022.
↪️ Ransomware may be down, but specific ransomware families are proving to be formidable opponents.
Read 9 tweets
Something is brewing: Europe-wide #DDoS attacks on ministries and government agencies, a #Ransomware attack on the Lürssen shipyard... Security agencies and IT security experts are increasingly worried about a mixed scene of cybercriminals and pro-Russian hacktivists /1
In recent months, several hacker groups, including the hacktivists of "Killnet" and "NoName057" but also ransomware groups, have joined together into new pro-Russian collectives to support the Kremlin with cyber actions. /2
In hacker forums and #Telegram groups there are calls for attacks on targets in Europe, North America, #NATO or the #EU, in particular on critical infrastructure such as hospitals or energy supply. The cyber actors describe themselves as Russian patriots. /3
Read 10 tweets
Part of the #VulkanFiles is "Scan-V", a framework to conduct cyber operations with greater speed, scale and efficiency. Basically, its purpose is helping the GRU to achieve its mission. One of the intended end-users seems to be #Sandworm.

sueddeutsche.de/projekte/artik…
At its heart, Scan-V is designed to scour the web for vulnerabilities that are then stored in an "ultra-large" database. When a new operation starts, things like identifying targets and initial entry are supposed to be already at the hackers' fingertips
derstandard.de/story/20001449…
The docs also describe the ability to store e-mails (pst-files), pcaps (network traffic) and network-layouts. Stuff you can’t just scan for externally. Storing info on previously breached targets in case your next task is to hack them again

blog.sekoia.io/sekoia-io-anal…
Read 11 tweets
Paul Manafort was working with Russia's GRU and the SVR on the Barker Plan and the Mariupol Plan.

Russian collusion, @DonaldJTrumpJr.
What was William Barr of Kirkland & Ellis doing in London for Oleg Deripaska?

Russian collusion.
Read 40 tweets
Attendees to the Trump Tower meeting included Donald Trump Jr., Natalia Veselnitskaya (SVR), Rinat Akhmetshin (GRU), Anatoli Samochornov, Ike Kaveladze (Crocus), Paul Manafort, Jared Kushner & Rob Goldstone (Emin Agalarov's Proxy).

Russia's GRU & SVR were helping Paul Manafort.
Russia's SVR was helping Paul Manafort on The Barker Plan.

Evgeny Fokin.

#UnitedWithUkraine #StandWithUkraine
Russia's GRU was helping Paul Manafort on The Mariupol Plan.

Konstantin Kilimnik.

#UnitedWithUkraine #StandWithUkraine
Read 21 tweets
Paul Manafort & David Vitter were both working on behalf of Russian organized crime.

Mercury Public Affairs and The Barker Plan.

It is a Conspiracy to Defraud the United States.

What was William Barr doing in London and did it involve The Barker Plan?

#ArrestBarrNow
Read 44 tweets
We tweeted in July about the development of a variant to the malware project Drovorub-A1 by Russian tech company AST (АСТ).
Drovorub-A1 was originally developed for the GRU 85th Main Special Service Center (85th GTsSS, в/ч 26165) and dubbed the 'Swiss Army Knife' for hacking Linux.
#APT28 #GRU #FANCYBEAR
US agencies warned of the threat posed in a 45-page security alert released in August 2020 and companies such as Schneider Electric offered mitigation to customers in advance of fixes to their operating systems.
media.defense.gov/2020/Aug/13/20…
Read 7 tweets
Hi!

For the past six months, @FlorianFlade and I've been working on a podcast. Today is release day of "Der Mann in Merkels Rechner". At its core, we wanted to answer one question: How exactly can you find out who is behind a hacking operation?

br.de/mediathek/podc…

(1/6)
We chose to focus on the intrusion of the 🇩🇪 parliament in 2015. Hacked by #FancyBear/#APT28. Since there's an arrest warrant, you can tell the story front to back. The podcast has five episodes and is in German. I'm going to summarize key bits here, one thread per episode
(2/6)
We spoke with dozens of people, if possible, on-record, e.g.:
Adrian Nish (BAE Systems), he alerted the Germans
@nunohaien of Crowdstrike
Adam Hickey, Deputy Assistant Attorney General at DoJ
Dutch intel agency MIVD
Michael Hange, former head of @BSI_Bund
@ciaranmartinoxf
Read 13 tweets
Developing: #Russia #China #Iran hackers targeting @realDonaldTrump @JoeBiden presidential campaigns

"foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated" per @Microsoft's @TomBurt45

blogs.microsoft.com/on-the-issues/…
#Russia's #Strontium (also known as #FancyBear or #APT28) "has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants" per @TomBurt45
#China's #Zirconium "has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community" per @Microsoft's @TomBurt45
Read 5 tweets
Exclusive: The @GBA_b_BGH has obtained an arrest warrant against a Russian cyber spy. He is alleged to have been involved in the Bundestag hack. Our @SZ @WDRinvestigativ investigation: sz.de/1.4891668 More in this thread ⬇️ #APT28 #FancyBear #Spionage #Justiz #BKA
Dmitriy Sergeyevich Badin is a Russian citizen, born in 1990 in Kursk, Russia. He is alleged to belong to Unit 26165, the cyber unit of the Russian military intelligence service #GRU.
Badin is already wanted by the US authorities: for interfering in the 2016 US presidential election (#DNCHack) and for the cyberattack on the World Anti-Doping Agency #Wada.
Read 16 tweets
“Contacts were pulled from service member’s devices and family members have been getting threats and disturbing messages from hackers...deployed 82nd troops have been hacked and that messages were sent to family members to scare them.”

militarytimes.com/flashpoints/20…
Strangely enough, you know who did the same thing against the spouses of US service members? Russia’s #GRU hackers, #APT28. Total false flag attack framing ISIS as an info op.

nbcnews.com/storyline/isis…
This would be surprisingly easy to pull off. Just look through public records of any troopers assigned to @Strike_Hold, send them phishing emails, gain access to their contact list and send emails. Spammers do this all the time (just not threatening emails).
Read 3 tweets
Merry Christmas everyone.

Powerful synthesis of the evidence thus far on #Guccifer2 from @with_integrity:

Guccifer 2.0 Game Over – Year End Review

disobedientmedia.com/2018/12/guccif…
A Christmas present that everyone who appreciates the truth will thoroughly enjoy.

disobedientmedia.com/2018/12/guccif…
Discussing the #Forensicator's first analysis of #NGPVAN:

"That study has been the subject of some controversy, although mostly built on conflating the findings with various interpretations of them, and with reporting on the study conducted by third parties."
Read 35 tweets
#AssisesSI, day 2: in the room to hear @felixaime (researcher at @kaspersky) talk about the investigation into #OlympicDestroyer, the malware that disrupted the Olympic Games (see mobile.lemonde.fr/pixels/article…)
Interesting: the attackers wanted to pass themselves off as North Korean hackers specialised in targeting financial institutions (#Bluenoroff or #APT38)
Where we once again find #Sofacy a.k.a. #FancyBear / #APT28 and the galaxy around it (BlackEnergy, NotPetya, BadRabbit). #PoupéesRusses
Read 3 tweets