Outstanding blog on a Turla (FSB) op in UA. Some of it may feel familiar to those of you who remember the Agent.BTZ/Operation Buckshot Yankee days. USB proliferation is back, but the twist here is they let someone else do the proliferating. 1/x https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
Turla: A Galaxy of Opportunity | Mandiant

Agent.BTZ was a mixed bag for Turla over a decade ago. They got everywhere and it gave them the ability to pick and choose targets, but they also got everywhere. The FSB didn't want headlines. Going back to the 90s (featuring young Kevin Mandia) they prefer low and slow. 2/x
The middle ground is using someone else for proliferation. In this case they took over for someone else who'd already done the work. That might also sound familiar. They sat on top of some Iranian ops a few years back. 3/x https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims
Advisory: Turla group exploits Iranian APT to expand coverage of victims

A joint report from the NCSC and NSA highlighting Turla activity

Criminal ops are a fantastic opportunity for state actors. Obviously there's the relationship between state actors and criminals in Russia to consider (FSB teamed up with criminals it was supposed to hunt). But criminals also sell access! 4/x