Naval Postgraduate School, Senior Lecturer, PhD. Author of Russian Cyber Operations: Coding the Boundaries of Conflict - Paperback with New Preface @SpartanRace
Salt Typhoon scoop —>
-Hundreds of orgs notified of possible compromise
-Hackers exploited years-old flaws that had patches, but telcos never implemented them
-FCC CALEA ruling expected to pass before Trump takes office
https://t.co/A3gpJHyb2i
An APT group that Trend Micro tracks as Earth Koshchei (also known as APT29 and Midnight Blizzard) likely used a rogue remote desktop protocol (RDP) attack methodology against numerous targets. https://t.co/p9gVE34r21 @TrendMicro
A Russian state-sponsored hacker group, known as Gamaredon, has been targeting Ukrainian-speaking victims in an ongoing cyber-espionage campaign, researchers have found. https://t.co/8Tz3bog44I @TheRecord_Media
Threat actors affiliated with the Chinese government have compromised telecom provider networks to conduct a cyber espionage campaign. Network defenders should read new guidance from the #FBI and our partners to harden their systems against this activity: https://t.co/yzh7NedOAe
Hundreds of private cybersecurity firms, technology services providers, and universities are helping China's state apparatus develop offensive cyber capabilities to support the country's strategic military, economic, and geopolitical goals. https://t.co/4VsLMZFmrj
Sandworm, a group linked to Russian intelligence, has been hacking Ukrainian targets in recent years, but “we’re now seeing that they’re interested in the energy sector across Europe” | https://t.co/roOIBm1Jxl @POLITICOEurope
Sen. Mark Warner, chairman of the Senate Intelligence Committee, calls Salt Typhoon “worst telecom hack in our nation’s history”
The Chinese state-affiliated hackers moved from one telco network to another. They listened in real-time to calls. 1/ https://t.co/OJqY7WqzNj
Joint Statement from #FBI and @CISAgov on the People's Republic of China Targeting of Commercial Telecommunications Infrastructure: https://t.co/M1dcXCTKI5
China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers. https://t.co/GfOcPrZTOc @TheRegister
Today, the Office of the Director of National Intelligence (@ODNIgov), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (@CISAgov) released the following statement: https://t.co/JNJDVCY0Oo
INSANE writeup from @SophosXOps. I read it and re-read it a few times when it came out, just to wrap my mind around all of the incredible tradecraft from both attacker and defender.
Hats off to the team at @Sophos for documenting this so thoroughly.
https://t.co/vHJKUBKb48
Defense strikes back!
@SophosXOps hacked back ("counter-offensive") their China-based 🇨🇳 #APT attackers by installing an implant on the hacked box.
Impose cost, attribution matters.
Microsoft warns that Russia's "Midnight Blizzard" hacking team is using a digitally signed Remote Desktop Protocol (RDP) configuration file in its spear-phishing emails. Heads up: https://t.co/ICRKdqrkwI
We've witnessed a notable tactical evolution in DPRK-affiliated Jumpy Pisces' recent activity: teaming up with established ransomware operation Play. This marks the first documented joint effort of this North Korean state-funded group and a ransom network. https://t.co/gPTvWsFshA
Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. https://t.co/W6EZWOM6W1
Russia's SVR hacking group used malicious domain names designed to seem like they were associated with Amazon Web Services (AWS) in an effort to steal Windows credentials. https://t.co/MvZTUSaeeF