i think there's signs that the jir you is maybe waning when it comes to to lean availability we're seeing a lot of reuse of things like catty wiper over and over. i'm wondering if we'll see more of this sort of pseudo ransomware stuff where it might even have an i-o component to it right but really targetedreally trying to aim at anyone who sort of helps ukraine during the conflict in the future versus at ukraine itself. I find this to be a really interesting case because they ended up attributing it to iridium or sandworm and so i'm interested to see where that goesIt's not caddy wiper right this is
This week’s episode of The Defender’s Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year.
The group discusses the Russia linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They also share their perspectives on the targeting trends they’ve observed over the last year and the activity we might expect to see moving forward, such as an increase in economic espionage and continued diplomatic targeting by APT29.
Follow Gabby Roncone at @gabby_roncone, John Wolfram at @Big_Bad_W0lf_ and Tyler McLellan at @tylabs.
Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
Additional Resources
Listen to the episode, Threat Trends: Russian Invasion of Ukraine Information Operations featuring Sam Riddell and Alden Wahlstrom: https://mndt.info/3wGse9u
Listen to the episode, Threat Trends: Stolen Emails, Hacked Cameras and the Mysterious UNC3524 featuring Doug Bienstock and Josh Madeley: https://mndt.info/3vMne2R
Read the blog post, Trello From the Other Side: Tracking APT29 Phishing Campaigns: https://mndt.info/3UU9HjP
Read the blog post, They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming: https://mndt.info/3FZp7Pk