I think for me one thing that has been maybe not under-appreciated but under I think discussed is just how fast and how just your volume the GRU has operated since they're the invasion of Ukraine. We saw the GRU consistently leveraging like Empire Metasplatin Impact Kit you know things that are widely available they're public tools empires pretty old at this point. Why are they using these type of like tooling when they could ostensibly just build their own empire build their own custom tooling? It's because it works and it allows them to have these quick turnaround ops that they need to sustain this balance of access and action during their wartime operations.
This week’s episode of The Defender’s Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year.
The group discusses the Russia linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They also share their perspectives on the targeting trends they’ve observed over the last year and the activity we might expect to see moving forward, such as an increase in economic espionage and continued diplomatic targeting by APT29.
Follow Gabby Roncone at @gabby_roncone, John Wolfram at @Big_Bad_W0lf_ and Tyler McLellan at @tylabs.
Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
Additional Resources
Listen to the episode, Threat Trends: Russian Invasion of Ukraine Information Operations featuring Sam Riddell and Alden Wahlstrom: https://mndt.info/3wGse9u
Listen to the episode, Threat Trends: Stolen Emails, Hacked Cameras and the Mysterious UNC3524 featuring Doug Bienstock and Josh Madeley: https://mndt.info/3vMne2R
Read the blog post, Trello From the Other Side: Tracking APT29 Phishing Campaigns: https://mndt.info/3UU9HjP
Read the blog post, They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming: https://mndt.info/3FZp7Pk