John Hultquist🌻

VP, Mandiant Threat Intelligence @Mandiant.
@CYBERWARCON founder. Johns Hopkins professor. Army vet.
Twitter: https://twitter.com/JohnHultquist
@glesnewich @badtakeblake Got this sucker beat!

Parasites exploiting a weakness in another organism to feed. Every vulnerability is a niche for survival.

https://www.wired.com/story/russia-turla-fsb-usb-infection/

Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections

The infamous, FSB-connected Turla group took over other hackers' servers, exploiting their USB drive malware for targeted espionage.

WIRED
Criminal ops are a fantastic opportunity for state actors. Obviously there's the relationship between state actors and criminals in Russia to consider (FSB teamed up with criminals it was supposed to hunt). But criminals also sell access! 4/x

The middle ground is using someone else for proliferation. In this case they took over for someone else who'd already done the work. That might also sound familiar. They sat on top of some Iranian ops a few years back. 3/x https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims

Advisory: Turla group exploits Iranian APT to expand coverage of victims

A joint report from the NCSC and NSA highlighting Turla activity

Agent.BTZ was a mixed bag for Turla over a decade ago. They got everywhere and it gave them the ability to pick and choose targets, but they also got everywhere. The FSB didn't want headlines. Going back to the 90s (featuring young Kevin Mandia) they prefer low and slow. 2/x

Outstanding blog on a Turla (FSB) op in UA. Some of it may feel familiar to those of you who remember the Agent.BTZ/Operation Buckshot Yankee days. USB proliferation is back, but the twist here is they let someone else do the proliferating. 1/x https://www.mandiant.com/resources/blog/turla-galaxy-opportunity

Turla: A Galaxy of Opportunity | Mandiant

@silas Brilliant.

@jnazario @Weld This is exactly the kind of stuff I look for all year for @CYBERWARCON!

@activemeasuresllc @kevincollier I believe this was an attack by GRU on the election.

We've released our observations on election interference during the midterms by foreign cyber actors. The usual suspects (Russia, Iran, and China) sought to widen existing political divisions and even promote the idea foreign influence occurred. https://www.mandiant.com/resources/blog/information-operations-2022-midterm-elections

Information Operations Targeting 2022 U.S. Midterm Elections Include Trolling, Narratives Surrounding Specific Races, Politicians | Mandiant
