John Hultquist🌻

VP, Mandiant Threat Intelligence @Mandiant.
@CYBERWARCON founder. Johns Hopkins professor. Army vet.
Twitter: https://twitter.com/JohnHultquist

Parasites exploiting a weakness in another organism to feed. Every vulnerability is a niche for survival.

https://www.wired.com/story/russia-turla-fsb-usb-infection/

Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections

The infamous, FSB-connected Turla group took over other hackers' servers, exploiting their USB drive malware for targeted espionage.

WIRED
Criminal ops are a fantastic opportunity for state actors. Obviously there's the relationship between state actors and criminals in Russia to consider (FSB teamed up with criminals it was supposed to hunt). But criminals also sell access! 4/x
The middle ground is using someone else for proliferation. In this case they took over for someone else who'd already done the work. That might also sound familiar. They sat on top of some Iranian ops a few years back. 3/x https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims
Advisory: Turla group exploits Iranian APT to expand coverage of victims

A joint report from the NCSC and NSA highlighting Turla activity

Agent.BTZ was a mixed bag for Turla over a decade ago. They got everywhere and it gave them the ability to pick and choose targets, but they also got everywhere. The FSB didn't want headlines. Going back to the 90s (featuring young Kevin Mandia) they prefer low and slow. 2/x
Outstanding blog on a Turla (FSB) op in UA. Some of it may feel familiar to those of you who remember the Agent.BTZ/Operation Buckshot Yankee days. USB proliferation is back, but the twist here is they let someone else do the proliferating. 1/x https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
Turla: A Galaxy of Opportunity | Mandiant

We've released our observations on election interference during the midterms by foreign cyber actors. The usual suspects (Russia, Iran, and China) sought to widen existing political divisions and even promote the idea foreign influence occurred. https://www.mandiant.com/resources/blog/information-operations-2022-midterm-elections
Information Operations Targeting 2022 U.S. Midterm Elections Include Trolling, Narratives Surrounding Specific Races, Politicians | Mandiant

Happy Hanukkah!
Definitely won’t lock you outside Mars colony.
Details on a supply chain attack that hit Ukraine’s government. Ukrainian-language Windows ISO files made available through torrents. Targets in UA gov were then handpicked. Those targets overlap with GRU interests. https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Mandiant

Here we go!