A recent indictment revealed how the GRU (Russia’s Military Intelligence agency) used both influence operations and network intrusions to achieve its policy aims. More precisely, the GRU weaponized the use of the network intrusions in its influence operations. The indictment goes into detail about the TTPs (Tactics, Techniques and Procedures) used by the attackers and it is worthwhile to pay careful attention to the adversary tradecraft that was used and how it can be defended against. For this blog we have used the MITRE ATT&CK™ framework as our methodology to play back the findings of the indictment: https://www.digitalshadows.com/blog-and-research/mitre-attck-and-the-mueller-gru-indictment-lessons-for-organizations/
Other content in this Stream
The nature of the services offered by technology companies means they often collect sensitive customer data and supply critical communication infrastructure to their clients.
In the spotlight this week is the Iran-linked threat group “APT35”, which took aim at the email accounts of political entities in the United States and prominent Iranians living outside Iran.
we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat
How can the modern network of .onion marketplaces be understood through novels about a cyberpunk dystopia? The answer is in how dark web marketplaces grow and die.
We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories. - APT35 Targets Email of US political figures & prominent Iranians -...
Last week, we learned that millions of Ecuadorian’s personal details had been exposed by a misconfigured ElasticSearch database. This is ...
Simon talks about how easy it is to conduct domain squatting and typosquatting, and how little monitoring still goes on around them in the industry.
When the attacker, Andrei Tyurin, pleaded guilty, we thought we could look at the attacker goals, their TTPs and map this to the Mitre PRE-ATT&CK and ATT&CK framework.
Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the...
Gaining access to dark web and deep web sources can be extremely powerful – if you focus on relevant use cases. The most successful strategies we observe have clear requirements, such as fraud detecti
29:00It seems like we read about new breaches every day. What’s changing? How is exposure and the adoption of digital technology changing the breach landscape? We have a special two-part series where Rick
This practical guide provides advice to help understand how to identify critical business assets, understand the threat, monitor for exposure, and take action.
Rick Holland and Harrison Van Riper interview Xena Olsen in this episode of ShadowTalk. The team focus their discussion on how to get timely, but effective intelligence out the door.
There are now 750 million more files exposed than we reported last year; not all of them are blatantly sensitive, but there is plenty of gold in these mountains.
59:41Learn how to combat Online counterfeiting, Trademark infringement, Fake social media sites, Fraudulent websites, and Fake mobile apps. Check out this recorded webinar for more.
This week, the Federal Bureau of Investigation released its 2018 Internet Crime Complaints Center (IC3). In 2018, the IC3 responded ...
