Mark Lechtik

636 Followers
177 Following
23 Posts

Senior Reverse Engineer (FLARE), Google (Mandiant) | Backdoors, rootkits, bootkits | CTI tinkerer | Views are my own.

#IStandWithUkraine

LinkedIn: https://www.linkedin.com/in/mark-lechtik-18977ba7/
Twitter: https://twitter.com/_marklech_
Keybase: marklech
Twittodon: https://twittodon.com/share.php?t=_marklech_&[email protected]

Fortinet has published an advisory on active exploitation of CVE-2022-42475 in the wild. My colleagues at Mandiant and I followed up with analysis of a backdoor associated with this activity that targets Fortinet devices, dubbed BOLDMOVE.
Based on artefacts from a Windows variant of BOLDMOVE (54bbea35b095ddfe9740df97b693627b) that allude to a UTC+8 timezone and usage of the GBK character encoding in the actor's environment, it is assessed with low confidence that the activity is affiliated to a China-nexus threat actor.

https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw

Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475) | Mandiant


This is my account on Twitter - https://twitter.com/_marklech_ - verified by https://Twittodon.com

(for verification, don't follow me there)

@maldr0id I once sat in a meeting between a malware RE team that I led and an executive who started it with the premise "so now that malware reverse engineering has become a commodity..."
@r00tbsd @Sebdraven one day we will translate it to English
Twitter was special. But it's time to leave

Tweets were always short-lived. Turns out Twitter was too.

PwnAllTheThings

There is far too little recognition of the fact that the US Intelligence Community’s ability to discover Russian invasion plans and share them with Ukraine is one of the greatest intelligence successes of the last 50 years and has had a critical impact on thwarting Putin’s imperialist ambitions.

They knew the Russian war plans better than most of the Russian military executing the invasion (who mostly had no idea they were going to war) and even members of Putin’s Security Council! Remarkable!

Elon's gesture looks like it has a question mark at the end of it
This must be the feeling of infinite and all consuming cringe
https://twitter.com/elonmusk/status/1593899029531803649
Elon Musk on Twitter

“Just leaving Twitter HQ code review”

The charla&tan fraud matrix - from attack methods (in red) to defence methods (in blue)
https://twitter.com/cpartisans/status/1593634667147988993?s=20&t=Z0vL_UldqH5W1AVbzu_myQ
I don't know much about the credibility of this entity, but if that data is out I think it's in the best interest of all of us to know who Roskomnadzor has been targeting since at least February. Who knows what familiar names may come up there.
Belarusian Cyber-Partisans on Twitter

“🔥The work of the main #Kremlin censor has been disrupted. They monitor and censor ppl for @roscomnadzor. 👊📛 Since the beginning of the war, they follow Putin's opponents, write denunciations to the #FSB & other agencies, & block services that help convey truthful info. 1/4”
