Ian Litschko

The main difference I can see so far is my hypothesis that initial access occurs at the regional level, leveraging the regional focus of individual military districts.

Just mostly glad to see significant alignment in my research.

Someone putting pen to paper GRU regionality, something I've been researching for the past few years. Based on imagery they include, we use similar methodologies to break down the VIO by regions and links to monoliths, and reach similar conclusions.

Cyber spies use fake New Year concert invites to target Russian military The campaign surfaced earlier in October after researchers at the New York-based cybersecurity firm Intezer identified a malicious XLL file uploaded to VirusTotal, first from Ukraine and later from Ru...

Researchers said they observed a hacking group attempting to lure senior Russian military officers to download malware using a variety of phishing emails therecord.media/cyber-spies-...

First day of vacation beer at the Canadian Warplane Heritage Museum.

Bundesregierung macht Russland für Cyberangriff verantwortlich Die Bundesregierung wirft Russland einen großen Cyberangriff auf die Flugsicherung und eine Desinformationskampagne im Bundestagswahlkampf vor. Der russische Botschafter wurde ins Auswärtige Amt einbe...

Germany seems more willing to call out Russia - today the government is accusing Russia of a large scale cyber attack on air traffic security and for disinformation campaign during the federal elections earlier this year:

История большого взлома. Как хакеры парализовали «Аэрофлот» С начала войны число атак украинских и белорусских хакеров на крупные российские компании выросло кратно, но не всегда о них

Blockbuster reporting by Maria Kolomychenko on the Aeroflot hack with new details on messy infosec, the impact of & recovery from what was the biggest cyber attack on Russia during the war

thebell.io/istoriya-bol...

Another day another Belarusian picked up by the Poles for spying and “sabotage”

Profile: GRU cyber and hybrid threat operations

The UK has updated their GRU cyber profiles today. I love the breakdown of Fancy Bear into at least 3 distinct teams. It helps the research I've been doing into subgroups and regionalization within the GRU, trying to break down monoliths into a military district based understanding of GRU cyber ops.

It strikes me that people make fun of American politicians or influencers who post AI nonsense. But when Russia, China or Iran does the same thing, people act like they're sophisticated threat actors capable of shaping global opinion at will.

Always fun to see the reason one of your instructors got the job at MGIMO.

Off bright and early to DC for Cyberwarcon.

Oh ok so it wasn’t a GRU operator (necessarily) — it was a guy working as part of the recently identified threat group that pissed off Dutch intelligence

Once Upon a Russia: Voices From a Vanished Era Amazon.com: Once Upon a Russia: Voices From a Vanished Era: 9781737766346: Fisher, Steven A.: Books

The indefatigable Steven Fisher, formerly of Citibank Russia and Citibank Ukraine, has assembled this collection of remembrances from former expats in Russia. There is so much here, so many memories of a Russia vanished. I reminisced about riding the rails ( scottgehlbach.net/posts/4055-r...).

The elite Russian unit hunting Ukraine’s drone warriors Moscow’s new Rubikon team upends Kyiv’s control of the electronic battlefield

FT report: Russia’s Rubikon unit is upending Ukraine’s drone advantage — locating & killing operators deep behind the lines, training other Russian teams, & seizing control of Ukraine's decisive "electromagnetic spectrum." Ukrainian pilots now face relentless pressure, must adapt tactics to survive.

В Таиланде арестовали «всемирно известного» российского хакера по запросу США. Предположительно, это сотрудник ГРУ Алексей Лукашев Тайская киберполиция сообщила об аресте на Пхукете 35-летнего гражданина России, которого американские власти разыскивают по обвинению в хакерских атаках на государственные структуры Европы и США

It is apparently very hard to use Yandex to search "what countries extradite to the US?"

theins.ru/news/286794

Tonight's bottle of Georgian.

Russia want's its own messanger app, independend and stuff.

Relies on Salesforce 🤣

Don’t let anyone tell you that the Russians never arrest cybercriminals. Criminals who cause harm to Russians are regularly arrested, and as this instance shows, often dealt with harshly. See my timeline for a modest sampling of other arrests of hackers, fraudsters, and other Russian cybercriminals.

What we report publicly and attribute vs what they report publicly and attribute are wildly different beasts. Wish Bi Zone gave some geographic attribution but will take what I can get right now.

I think super important to track what they're saying about what they fear, what they think war looks like, & what they think adversaries will do, as well as what they themselves hope to do & what they actually do. Also crucial to track the disconnects between these & whether & when they narrow. 7/7

Gamaredon X Turla collab ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.

Most interesting to me is that the cooperation between Gamaredon and Turlais distinct from the Gamaredon cooperation with Invisimole. They are really solidifying themselves as an initial access team within the FSB.

www.welivesecurity.com/en/eset-rese...

APT or Another Phishing Training?

Seqrite reported an attack on the Kazakhstani oil company KazMunayGas attributed to a new group NoisyBear www.seqrite.com/blog/operati...

Yet the company later argued that this was a simulated attack orda.kz/planovoe-mer...

This looks plausible:

1/2

«Белых хакеров» записали в черный список Борьба с мошенниками может затронуть специалистов по кибербезопасности

Russia is considering forbidding dissemination of information on how cyber attacks are conducted. Could be a big problem for CTI practitioners or incident responders sharing TTPs, because those include that kind of information.
www.kommersant.ru/doc/7991253

Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering.

Most notable thing in this (apart from new publicly available info on Energetic Bear), is the assertion that Static Tundra is a subgroup of Energetic Bear. Been happening a lot with GRU groups, now FSB 16th Centre.

blog.talosintelligence.com/static-tundra/

And there goes the rest of my day.

Not a fan, just tastes like a hop bomb.

Very different from what I was expecting but very good. One of those super limited run things at the LCBO so had to get one.

First Japanese wheat beer.

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow us...

SORM in action. Next, someone will tell me the guys cop boxes outside of embassy gates in Moscow who just want to take a look at your passport aren't taking note. Even when you're just going to the basement bar for cheap Moosehead on a Friday evening.

www.microsoft.com/en-us/securi...

Overall they're decent, but IMO they used to be better. Currently best ones from Chatham-Kent are Red Barn and Glasstown. If Sons of Kent bring back the Fergie Jenkins pilsner, they will be back to the top.