@glesnewich @badtakeblake Got this sucker beat!
VP, Mandiant Threat Intelligence @Mandiant.
@CYBERWARCON founder. Johns Hopkins professor. Army vet.
Parasites exploiting a weakness in another organism to feed. Every vulnerability is a niche for survival.
Criminal ops are a fantastic opportunity for state actors. Obviously there's the relationship between state actors and criminals in Russia to consider (FSB teamed up with criminals it was supposed to hunt). But criminals also sell access! 4/x
The middle ground is using someone else for proliferation. In this case they took over for someone else who'd already done the work. That might also sound familiar. They sat on top of some Iranian ops a few years back. 3/x https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims
Agent.BTZ was a mixed bag for Turla over a decade ago. They got everywhere and it gave them the ability to pick and choose targets, but they also got everywhere. The FSB didn't want headlines. Going back to the 90s (featuring young Kevin Mandia) they prefer low and slow. 2/x
Outstanding blog on a Turla (FSB) op in UA. Some of it may feel familiar to those of you who remember the Agent.BTZ/Operation Buckshot Yankee days. USB proliferation is back, but the twist here is they let someone else do the proliferating. 1/x https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
@silas Brilliant.
@jnazario @Weld This is exactly the kind of stuff I look for all year for @CYBERWARCON!
@activemeasuresllc @kevincollier I believe this was an attack by GRU on the election.
We've released our observations on election interference during the midterms by foreign cyber actors. The usual suspects (Russia, Iran, and China) sought to widen existing political divisions and even promote the idea foreign influence occurred. https://www.mandiant.com/resources/blog/information-operations-2022-midterm-elections
Happy Hanukkah!
Definitely won’t lock you outside Mars colony.
Details on a supply chain attack that hit Ukraine’s government. Ukrainian-language Windows ISO files made available through torrents. Targets in UA gov were then handpicked. Those targets overlap with GRU interests. https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government
Here we go!
Hey guys! Highline Bar is closing soon, make sure to get back to the Hyatt Regency safe!
Glad to see you on here @taosecurity
#infosec folks -- @CISAjen@infosec.exchange is also here!
We are so excited for @CISAjen's keynote tomorrow!
@jett @ridt @Pwnallthethings This is what cyber war looks like
@Pwnallthethings :100a: