
Oleg Shakirov

@shakirov2036.bsky.social

I study Russian foreign policy, cyber security, arms control

951 Followers  |  144 Following  |  357 Posts  |  Joined: 20.10.2023  |  2.2562

Latest posts by shakirov2036.bsky.social on Bluesky

Escalation in cyberspace: what the attack on Aeroflot tells us. The cyber attack on Aeroflot was a reminder of the vulnerability of modern infrastructure, which only becomes more acute when the internet turns into one of the fronts of an international conflict. At the same time, notes postgraduate...

My take (in Russian) on this week's cyber attack against Aeroflot. The key idea is pretty simple: to solve the problem of cyber war, information security measures alone are not enough; it needs to be addressed politically, too, through conflict resolution

www.forbes.ru/mneniya/5430...

01.08.2025 19:13 — 👍 2    🔁 0    💬 0    📌 0

Trump says he "ordered two Nuclear Submarines to be positioned in the appropriate regions" in response to ex-President Medvedev's provocative statements (probably his recent tweet)

This reminded me of the 2020 report by Alexi Drew & @heatherwilly.bsky.social www.kcl.ac.uk/csss/assets/...

01.08.2025 17:51 — 👍 3    🔁 1    💬 0    📌 0
What We Know - Stuxnet 15 Years Later The US House Homeland Security Committee's subcommittee on Cybersecurity and Infrastructure Protection is holding a hearing today entitled Fully Operational: Stuxnet 15 Years Later and the Evolution o...

"Everyone's predictions on the number and impact of cyber attacks on critical infrastructure that would occur after Stuxnet was discovered were wrong. Wildly wrong on the high side." www.linkedin.com/pulse/what-w...

29.07.2025 15:05 — 👍 8    🔁 3    💬 1    📌 0

This is what's actually happening, yes

28.07.2025 17:41 — 👍 0    🔁 1    💬 0    📌 0
Website of cybersecurity specialists in Belarus hacked: is it true? Experts explained how to tell real information about hacker attacks from fakes.

The alleged attackers have already collaborated before: in late March they claimed a hack of the Belarusian national CERT, apparently exaggerating the impact of the attack

tochka.by/articles/lif...

28.07.2025 12:51 — 👍 3    🔁 0    💬 0    📌 0

Silent Crow emerged on Telegram in January & leaked several datasets allegedly stolen from Russian firms (at least 2 cases were confirmed in court: t.me/cyberguerre/..., t.me/cyberguerre/...). Acc. to BI.ZONE researchers, Silent Crow is rebranded DumpForums

28.07.2025 12:51 — 👍 5    🔁 0    💬 1    📌 0

Cyber Partisans formed in fall 2020 on the backdrop of the protests following presidential elections in Belarus. Initially it mostly targeted Belarusian gov't & organizations, but starting in 2022 also hit Russian targets

See bsky.app/profile/shak...

28.07.2025 12:51 — 👍 5    🔁 0    💬 1    📌 0

The immediate impact for Aeroflot goes beyond passengers' discontent & crowds at Sheremetyevo (msk1.ru/text/transpo...) & includes its stocks plunging (www.rbc.ru/quote/news/a...)

It remains to be seen how soon the airline will recover & whether it would face legal consequences

28.07.2025 12:51 — 👍 6    🔁 0    💬 1    📌 0

Russia's Office of Prosecutor-General said that the incident was caused by a hacker attack & opened a criminal case under art. 272 of the Criminal Code (illegal access to computer info)

t.me/genprocrf/5308

See Aeroflot statements here t.me/aeroflot_pr

28.07.2025 12:51 — 👍 4    🔁 0    💬 1    📌 0

A major cyber incident in Russia: two groups, Cyber Partisans & Silent Crow, took credit for a cyber attack on Aeroflot, claiming they destroyed its internal IT systems. Aeroflot didn't acknowledge the attack but canceled nearly 100 flights & delayed some more due to an 'outage'

28.07.2025 12:51 — 👍 202    🔁 56    💬 6    📌 8

* to clarify: reporting late is ok, not crediting your source is not

08.07.2025 12:43 — 👍 1    🔁 0    💬 0    📌 0

I can relate, but on some level I think it's ok. This field is full of obscure stories

08.07.2025 12:20 — 👍 0    🔁 0    💬 1    📌 0
Hackers Disrupt Russia's Drone Weaponization Network A volunteer-run network of service centers halts custom firmware updates for DJI drones following a cyber attack.

A cyber attack disrupted the operation of a Russian network of volunteer-run service centers that jailbreak commercial DJI drones making them fit for warfighting. Although no one took credit for this hack it looks like a highly targeted sabotage operation

fromcyberia.substack.com/p/hackers-di...

08.07.2025 12:17 — 👍 6    🔁 3    💬 0    📌 0
Hackers Disrupt Russia's Drone Weaponization Network A volunteer-run network of service centers halts custom firmware updates for DJI drones following a cyber attack.

Can a cyber operation have an impact on drone warfare? Probably yes, but in a not-so-obvious way. In a new post, I review a reported disruption of a network of service centers that weaponize commercial DJI drones with a customized firmware.

open.substack.com/pub/fromcybe...

07.07.2025 17:32 — 👍 2    🔁 0    💬 0    📌 0

360 apparently refers to the same group as APT-C-78. There's no report, only a mention that in recent years this highly skilled and well-organized threat actor targeted Exchange servers. + a self-check tool

bbs.360.cn/thread-16164...

04.07.2025 14:22 — 👍 1    🔁 0    💬 0    📌 0

QiAnXin reports on a new APT, NightEagle, active since 2023 & targeting Chinese tech & gov't orgs. QAX claims that the attackers exploited an unknown Exchange vuln

"Considering the target and interests of the attack, we think the group is from a country in North America"

github.com/RedDrip7/Nig...

04.07.2025 13:13 — 👍 1    🔁 2    💬 1    📌 0

Professionals in most countries borrowed the term APT from the U.S. But France uses the acronym MOA instead, which stands for 'mode opératoire d'attaque.' This term emphasizes the unique set of TTPs of the attacker rather than its skills or persistence

cyber.gouv.fr/le-cyberdico

27.06.2025 15:11 — 👍 1    🔁 1    💬 0    📌 0

NoName057(16) is selective with its "love"

intel471.com/blog/nato-su...

PS: They targeted the Netherlands again yesterday, mainly because of the NATO summit

www.telegraaf.nl/binnenland/p...

24.06.2025 11:03 — 👍 7    🔁 5    💬 1    📌 0

4 other REvil case defendants including Puzyrevskiy, identified as the founder of the group, were sentenced in October

bsky.app/profile/shak...

23.06.2025 14:16 — 👍 0    🔁 0    💬 0    📌 0

Update on the REvil case: Bessonov, Golovachuk, Muromskiy, Korotayev plead guilty & were sentenced to time served

(Not for ransomware attacks but for carding)

The court also decided to confiscate 2 Benzes & $1.2 mil from Bessonov, a BMW from Korotayev

tass.ru/proisshestvi...

23.06.2025 14:11 — 👍 1    🔁 1    💬 1    📌 0
China’s cyber spies are targeting Russia’s aerospace and defense firms State-backed hackers seek intel on nuclear weapons and military capabilities, researchers say.

Also, check out this story by @antoanetaroussi.bsky.social from earlier this year with my quick comment

www.politico.eu/article/chin...

23.06.2025 09:05 — 👍 1    🔁 1    💬 0    📌 0
China Unleashes Hackers Against Its Friend Russia, Seeking War Secrets

Here's the story based mostly on TeamT5's research

www.nytimes.com/2025/06/19/w...

23.06.2025 09:02 — 👍 0    🔁 0    💬 1    📌 0

Reupping my piece on Cyber Espionage Among Friends following @meghara.bsky.social NYT story on Chinese cyber operations targeting Russia

I dig into Russian reports about Chinese APTs & vice versa & provide context on why there's no political backlash

fromcyberia.substack.com/p/cyber-espi...

23.06.2025 08:56 — 👍 2    🔁 1    💬 1    📌 0

Article by Lior Yoffe et al. on Western APT reports www.tandfonline.com/doi/full/10....
Piece on APT naming by Jen Easterly & Ciaran Martin www.justsecurity.org/114442/cyber...
Dutch report on Laundry Bear www.aivd.nl/documenten/p...
Chinese report on Taiwanese APTs www.cverc.org.cn/head/zhaiyao...

18.06.2025 15:25 — 👍 0    🔁 0    💬 0    📌 0
Nationalization of Cyber Threat Intelligence Cyber threat intelligence has evolved primarily as a private domain driven by cyber security vendors and researchers. Is this about to change?

Cyber threat intelligence has evolved primarily as a private domain driven by cyber security vendors and researchers. Is this about to change?

My reflections on several recent publications about whether threat intelligence is becoming 'nationalized'

fromcyberia.substack.com/p/nationaliz...

18.06.2025 14:51 — 👍 4    🔁 5    💬 1    📌 0
CVE - CVE-2010-2568 The mission of the CVE™ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Ironically (and unjustly!) VirusBlokAda is not even credited in the CVE record for CVE-2010-2568

cve.mitre.org/cgi-bin/cven...

17.06.2025 14:50 — 👍 1    🔁 3    💬 0    📌 0

Of course VirusBlokAda analyzed only the tip of the iceberg, the follow-up research by Kaspersky, Symantec & others revealed the full scale of the operation behind Stuxnet, see Countdown to Zero Day by @kimzetter.bsky.social

17.06.2025 14:50 — 👍 1    🔁 0    💬 1    📌 0

Today is the 15th anniversary of the discovery of Stuxnet by Belarusian firm VirusBlokAda

It was only 2 weeks later that they disclosed it publicly, specifically the LNK zero-day vulnerability (CVE-2010-2568)

EN web.archive.org/web/20100717...
RU web.archive.org/web/20100717...

17.06.2025 14:50 — 👍 9    🔁 5    💬 1    📌 0

It's almost like parental advisory labels except that it's extrajudicial government repression

16.06.2025 14:45 — 👍 1    🔁 0    💬 0    📌 0

When Russia declares an author a 'foreign agent' their books can still be sold but their status must be indicated on the cover (books by Alexander Arkhangelsky on Russian poetry & by Nikolay Epple on nations dealing with their difficult past)

16.06.2025 14:43 — 👍 2    🔁 0    💬 1    📌 0
