Over a decade in the making: Sandworm is now APT44.

Below is a thread with some major takeaways and insights from our new report:

cloud.google.com/blog/topics/th…

Google's new report on APT 44 includes the fake USAID phishing campaign we were targeted in December. Thanks to our security training the staff member who received it was immediately able to refer it to our security team, so never underestimate the value of good security

Wow, many congratulations Dmitri Alperovitch!

A curious, revealing Chinese take on US attribution reports, esp Volt Typhoon globaltimes.cn/page/202404/13…

This piece contains a picture-perfect textbook example of what intelligence analysts and scholars call “projection”

I’m honored and beyond excited to join Johns Hopkins SAIS (Johns Hopkins SAIS) as an Adjunct Professor and teach my first course next week! 🤩

My fav thing about (private) Signal usernames and no-number-contacts is that you can control who is able to add your name *to their own address book* — if they don't have a phone number (or email), they can't create an entry. No secondary breach risk; less spam down the line.

In addressing the Havana Syndrome controversy, I'd stick to the old golden triangle for crime investigations: who had the Motive, Means and Opportunity - and if a suspect is found, does s/he have an Alibi (short thread)

It's finally here—my book on how the FBI secretly ran its own tech startup to wiretap the world. DARK WIRE reveals its true scale & stakes for the first time

Preorder now for bonus content on how I pulled back the curtain on this insane story. More below hachettebookgroup.com/titles/joseph-…

Touché warontherocks.com/2024/04/from-w…

The xz backdoor was initially caught by a software engineer at Microsoft. He noticed 500ms lag and thought something was suspicious.

This is the Silver Back Gorilla of nerds. The internet final boss.

The xz backdoor was the final part of a campaign that spanned two years of operations. These operations were predominantly HUMINT style agent operations. There was an approach that lasted months before the Jia Tan persona was well positioned to be given a trusted role.

Friday’s front page.

New report from Mandiant detailing APT29's expansion of interest beyond diplomatic missions.

We judge this to be an early warning signal to other political parties and civil society groups across Europe/the West that they are also in the SVR's sights.

mandiant.com/resources/blog…

Just remarkable how the attribution of covert operations and violent attacks, beyond just cyber operations, has become a core feature of international affairs—and by how much the US leads in terms of intelligence-driven attributive capabilities, credibility, and speed.

Earlier today at Yasukuni Shrine, Tokyo: Japanese press is watching and counting the budding flowers at the old Sakura benchmark tree (in fence): as soon as the tree’s fifth cherry blossom has opened, news will break that Sakura season is on 🌸 🌸 🌸 🌸 🌸.

Today I saw both a level 3 earthquake and Godzilla in Tokyo.