Found 14 bookmarks
Threat Hunting Case Study: Uncovering Turla | Intel 471
Russia has long been a military power, a nuclear power, a space power and in recent decades, a cyber power. It has been one of the most capable cyber actors, going back to the late 1990s when Russian state hackers stole classified documents and military research from U.S. universities and government agencies. The stolen documents, if stacked on top of one another, would have been taller than the Washington Monument (555 feet or 169 meters). These incidents, dubbed “Moonlight Maze” as described in Thomas Rid’s book “Rise of the Machines,” marked one of the world’s first advanced persistent threat (APT) attacks. Russia’s intelligence and security agencies continue to operate highly skilled groups of offensive attackers. Those APT groups are spread across its intelligence and security agencies and the Ministry of Defense. They engage in a broad range of cyber and influence operations tied to Russia’s strategic objectives. These include exploiting adversary systems, establishing footholds, conducting cyber espionage operations and running disinformation and misinformation campaigns designed to undermine Western narratives. One of the most effective and long-running Russian groups is Turla, a unit known as Center 16 housed within Russia’s Federal Security Service, or FSB. Researchers found that this group, which is active today, may have been connected with Moonlight Maze.
·intel471.com·
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
·microsoft.com·
SEKOIA.IO analysis of the #VulkanFiles leak
* Exfiltrated Russian-written documents provide insights into cyber offensive tool projects contracted by Vulkan private firm for the Russian Ministry of Defense.
* Scan-AS is a database used to map adversary networks in parallel or prior to cyber operations. Scan-AS is a subsystem of a wider management system used to conduct, manage and capitalize results of cyber operations.
* Amezit is an information system aimed at managing the information flow on a limited geographical area. It allows communications interception, analysis and modification, and can create wide information campaigns through social media, email, altered websites or phone networks.
·blog.sekoia.io·
Preparing for a Russian cyber offensive against Ukraine this winter
As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations[1]—intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.
·blogs.microsoft.com·
Making Sense of the Killnet, Russia’s Favorite Hacktivists
Killnet makes three announcements
The past month seemed to be a turning point for the pro-Russian hacktivist group “Killnet”—and it was very eager to tell the world about it. First, on July 27, “Killmilk”—the founder and the head of the group who led its transformation from a DDoS-for-hire outlet i
·linkedin.com·