The GRU's Reuse of Tools During the War on Ukraine

This week’s episode of The Defender’s Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year.

The group discusses the Russia linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They also share their perspectives on the targeting trends they’ve observed over the last year and the activity we might expect to see moving forward, such as an increase in economic espionage and continued diplomatic targeting by APT29.

Follow Gabby Roncone at @gabby_roncone, John Wolfram at @Big_Bad_W0lf_ and Tyler McLellan at @tylabs.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Additional Resources

Listen to the episode, Threat Trends: Russian Invasion of Ukraine Information Operations featuring Sam Riddell and Alden Wahlstrom: https://mndt.info/3wGse9u

Listen to the episode, Threat Trends: Stolen Emails, Hacked Cameras and the Mysterious UNC3524 featuring Doug Bienstock and Josh Madeley: https://mndt.info/3vMne2R

Read the blog post, Trello From the Other Side: Tracking APT29 Phishing Campaigns: https://mndt.info/3UU9HjP

Read the blog post, They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming: https://mndt.info/3FZp7Pk