Category Archives: Uncategorized

The Persistence of Conti

In February 2022, following the Russian invasion of Ukraine, the operators of Conti ransomware announced their support for the Russian government. They soon walked back that support, apparently after rifts among members of the group. Not long after that, hundreds of thousands of messages from the group's internal chat logs were shared publicly by two accounts on […]

Analyzing Mobile Threats from Russia

Introduction

Russian state-sponsored threat groups, including Fancy Bear (APT28), Cozy Bear (APT29), Turla, and Sandworm, are widely recognized for their sophisticated cyber-espionage operations, targeted intrusions, destructive cyber attacks, and disinformation efforts. Less well known, however, are capabilities that extend beyond the government and critical infrastructure networks they commonly target. The primary Russian intelligence agencies—GRU, FSB, […]

The Russian APT Tools Framework

Introduction

Based on feedback from fellow cyber threat intelligence (CTI) researchers, incident responders, and managed detection and response teams about my Ransomware Tool Matrix project, I decided to develop another Tool Matrix, this time focusing specifically on one particular hostile state: Russia. As defenders, we can take advantage of the fact that Russian APT groups […]

Self-Taught Cyber Threat Intelligence

Introduction

Cyber Threat Intelligence (CTI) analysts bring a variety of backgrounds and experiences, and their specific roles often differ widely depending on the organization they work for. Paths to becoming a CTI analyst are diverse, with some entering from Security Operations Centers (SOC) or other cybersecurity roles, some coming directly from academia, and others transitioning […]

Detecting and Fingerprinting Infostealer Malware-as-a-Service Platforms

Cyber threat intelligence largely involves tracking and studying the adversaries outside your network. Gaining intelligence about your adversaries' capabilities and weaponry is one of the final building blocks of a strong cyber defense. In pursuit of this, I have been studying how to discover adversary infrastructure on the internet. One […]