Ian Litschko

@ilitschko.bsky.social

Russian cyber espionage and cybercrime | Carleton University and MGIMO | GTA Khachipuri

1,094 Followers  |  399 Following  |  76 Posts  |  Joined: 07.08.2023  |  2.5377

Latest posts by ilitschko.bsky.social on Bluesky

Russia wants its own messenger app, independent and stuff.

Relies on Salesforce 🤣

19.10.2025 13:10 | 👍 5 | 🔁 5 | 💬 1 | 📌 0

Don’t let anyone tell you that the Russians never arrest cybercriminals. Criminals who cause harm to Russians are regularly arrested, and as this instance shows, often dealt with harshly. See my timeline for a modest sampling of other arrests of hackers, fraudsters, and other Russian cybercriminals.

09.10.2025 11:48 | 👍 1 | 🔁 1 | 💬 0 | 📌 0

What we report publicly and attribute vs what they report publicly and attribute are wildly different beasts. Wish Bi Zone gave some geographic attribution but will take what I can get right now.

08.10.2025 22:13 | 👍 0 | 🔁 0 | 💬 1 | 📌 0

I think super important to track what they're saying about what they fear, what they think war looks like, & what they think adversaries will do, as well as what they themselves hope to do & what they actually do. Also crucial to track the disconnects between these & whether & when they narrow. 7/7

08.10.2025 15:30 | 👍 7 | 🔁 2 | 💬 1 | 📌 0
Preview
Gamaredon X Turla collab ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.

Most interesting to me is that the cooperation between Gamaredon and Turla is distinct from the Gamaredon cooperation with InvisiMole. They are really solidifying themselves as an initial access team within the FSB.

www.welivesecurity.com/en/eset-rese...

19.09.2025 17:28 | 👍 3 | 🔁 0 | 💬 0 | 📌 0

APT or Another Phishing Training?

Seqrite reported an attack on the Kazakhstani oil company KazMunayGas attributed to a new group NoisyBear www.seqrite.com/blog/operati...

Yet the company later argued that this was a simulated attack orda.kz/planovoe-mer...

This looks plausible:

1/2

06.09.2025 15:27 | 👍 1 | 🔁 2 | 💬 1 | 📌 0
Preview
"White-hat hackers" put on the blacklist: The fight against scammers could affect cybersecurity specialists

Russia is considering forbidding dissemination of information on how cyber attacks are conducted. Could be a big problem for CTI practitioners or incident responders sharing TTPs, because those include that kind of information.
www.kommersant.ru/doc/7991253

29.08.2025 13:32 | 👍 2 | 🔁 1 | 💬 1 | 📌 0
Preview
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering.

Most notable thing in this (apart from new publicly available info on Energetic Bear), is the assertion that Static Tundra is a subgroup of Energetic Bear. Been happening a lot with GRU groups, now FSB 16th Centre.

blog.talosintelligence.com/static-tundra/

20.08.2025 14:44 | 👍 1 | 🔁 0 | 💬 0 | 📌 0

And there goes the rest of my day.

11.08.2025 18:19 | 👍 3 | 🔁 0 | 💬 0 | 📌 0

Not a fan, just tastes like a hop bomb.

10.08.2025 02:20 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

Very different from what I was expecting but very good. One of those super limited run things at the LCBO so had to get one.

07.08.2025 23:04 | 👍 1 | 🔁 0 | 💬 1 | 📌 0

First Japanese wheat beer.

07.08.2025 22:24 | 👍 3 | 🔁 1 | 💬 1 | 📌 0
Preview
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow us...

SORM in action. Next, someone will tell me the guys in cop boxes outside of embassy gates in Moscow who just want to take a look at your passport aren't taking note. Even when you're just going to the basement bar for cheap Moosehead on a Friday evening.

www.microsoft.com/en-us/securi...

31.07.2025 16:48 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

Overall they're decent, but IMO they used to be better. Currently best ones from Chatham-Kent are Red Barn and Glasstown. If Sons of Kent bring back the Fergie Jenkins pilsner, they will be back to the top.

29.07.2025 00:51 | 👍 1 | 🔁 0 | 💬 1 | 📌 0

Normally a big fan of my hometown brewery but that particular one is definitely not my favourite.

28.07.2025 19:24 | 👍 1 | 🔁 0 | 💬 1 | 📌 0

A major cyber incident in Russia: two groups, Cyber Partisans & Silent Crow, took credit for a cyber attack on Aeroflot, claiming they destroyed its internal IT systems. Aeroflot didn't acknowledge the attack but canceled nearly 100 flights & delayed some more due to an 'outage'

28.07.2025 12:51 | 👍 198 | 🔁 55 | 💬 6 | 📌 6

What is interesting is that it looks like more disruption to flights was caused in this attack than by the multiple airlines breached by Scattered Spider.

28.07.2025 10:50 | 👍 1 | 🔁 0 | 💬 0 | 📌 0

while you’re at it, just go ahead and burn this collection on SVR cyber operations. who cares. not like it helps SVR’s CI analyses. fuck do I know. (Pg 16)

24.07.2025 23:41 | 👍 11 | 🔁 4 | 💬 1 | 📌 0

Regionality has become a recurring theme in reporting on Russian cyber.

20.07.2025 18:45 | 👍 4 | 🔁 1 | 💬 0 | 📌 0
Preview
Decoding Secrets Through Symbols: How Military Insignia Revealed Russia's Hidden SIGINT Network - CheckFirst Sometimes the best intelligence comes from the most unexpected sources. Our latest investigation proves this by using Russian online military insignia stores to map one of the FSB's most secretive uni...

Decoding Secrets Through Symbols: How Military Insignia Revealed Russia’s Hidden SIGINT Network by @checkfirst.network
↘️
checkfirst.network/decoding-sec...

20.07.2025 18:06 | 👍 30 | 🔁 15 | 💬 2 | 📌 4

some other highlights:
- this cluster tried to re-establish relationships after we disabled their accounts by creating new, similarly named accounts. very persistent!
- if you thought their device linking phase was over, think again! susp apt29 groups looove this & want to make it seem more legit

10.07.2025 20:52 | 👍 10 | 🔁 5 | 💬 0 | 📌 0

If there were any American or French lords of war currently imprisoned in Russia, it would make for sweet poetry to get them in a prisoner swap for Russian basketball player Daniil Kasatkin, who was just jailed in Paris on charges of aiding a ransomware conspiracy. meduza.io/en/news/2025...

09.07.2025 21:49 | 👍 19 | 🔁 5 | 💬 0 | 📌 0

Probably the best thing from Innis and Gunn I have had.

29.06.2025 02:14 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

Reupping my piece on Cyber Espionage Among Friends following @meghara.bsky.social NYT story on Chinese cyber operations targeting Russia

I dig into Russian reports about Chinese APTs & vice versa & provide context on why there's no political backlash

fromcyberia.substack.com/p/cyber-espi...

23.06.2025 08:56 | 👍 2 | 🔁 1 | 💬 1 | 📌 0

🚨NEW REPORT: exposing clever new hacking tactic.

🇷🇺 Russian state-backed hackers used an App-Specific Password attack against prominent Russia expert @keirgiles.bsky.social

It's like they knew what we all expect from 🇷🇺...and then did the opposite 1/

By us @citizenlab.ca & Google's GTIG

18.06.2025 20:47 | 👍 208 | 🔁 105 | 💬 10 | 📌 8
Preview
Suspected Russian hackers used new tactic against UK researcher Suspected Russian hackers have deployed a new tactic to trick even wary targets into compromising their own accounts, a victim of the spy campaign and researchers said on Wednesday.

Keir Giles has been targeted *again* by allegedly Russian hackers — this time using a clever new trick intended to bypass 2-factor authentication.

Over the years I’ve written about Giles an unusual amount, and I have an idea about why.

First, the coverage:
www.reuters.com/technology/s...

18.06.2025 21:46 | 👍 75 | 🔁 39 | 💬 4 | 📌 5

The SVR doing something novel with app specific passwords, and having the patience to go back and forth enough times to pull it off through an email conversation.

18.06.2025 18:46 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

It's a great wine, though not my preferred choice from Abkhazia. Very difficult to get though, so will enjoy it regardless.

18.06.2025 01:14 | 👍 1 | 🔁 0 | 💬 1 | 📌 0

Abkhazian wine tonight.

18.06.2025 00:26 | 👍 4 | 🔁 0 | 💬 1 | 📌 0
Preview
NATO to End Disclosure of Ukraine Aid and Defense Planning, Fearing Russian Exploitation - The Moscow Times BRUSSELS — NATO is limiting public disclosures of its activities and aid to Ukraine amid concerns that Russia will exploit this information, officials from three NATO countries told The Moscow Times o...

To avoid β€œturning even the smallest incidents into scandals and points of conflict,” NATO is now limiting public disclosures of its activities and aid to Ukraine. Sharing less information is supposed to counter Russian disinformation. www.themoscowtimes.com/2025/06/17/t...

17.06.2025 16:01 | 👍 17 | 🔁 2 | 💬 2 | 📌 0
