Timo Steffens (@Timo_Steffens)'s Twitter Profile
Timo Steffens

@Timo_Steffens

Works at a German agency on cyber-espionage.

Author of 'Attribution of Advanced Persistent Threats' (Springer, 2020).

Tweets are personal opinions.

ID:3363753231

https://www.amazon.com/Attribution-Advanced-Persistent-Threats-cyber-espionage/dp/3662613123/ref=mp_

07-07-2015 07:53:03

1,4K Tweets

3,9K Followers

58 Following

Gavin (@Gogorm)

MSTIC is hiring in Dublin, Ireland. Several jobs for early in career Signals Analysts, Threat Intelligence Analysts, and Data Scientists. See aka.ms/msticireland for details on the jobs

Timo Steffens (@Timo_Steffens)

With the German government network we have a kind of giant honeypot, or a 'magnet of threats'. And with it, data for empirical threat intelligence analyses.
How persistent are APT groups? How often do they come back after attack attempts?
bsi.bund.de/DE/Themen/Unte…

Michael Weiss (@michaeldweiss)

NEW: A yearlong investigation by The Insider, 60 Minutes and DER SPIEGEL has uncovered evidence suggesting that Havana Syndrome may have its origin in the use of directed energy weapons wielded by the Russian GRU’s infamous Unit 29155.  theins.press/en/politics/27…

Timo Steffens (@Timo_Steffens)

A surprising thing in the APT31 indictment is that there is no dedicated infrastructure subteam. Instead, the suspects seem like multi-taskers. Surprising, since their infrastructure looks quite consistent. Maybe a documented team playbook or tooling for setting up infrastructure?

Jamie Collier (@TheCollierJam)

UK set to attribute 2021 Electoral Commission breach to China. When put into a wider context (alongside OPM, etc), China now possesses a staggering amount of sensitive data on Western citizens. bbc.co.uk/news/uk-politi…

Dan Black (@DanWBlack)

New report from Mandiant detailing APT29's expansion of interest beyond diplomatic missions.

We judge this to be an early warning signal to other political parties and civil society groups across Europe/the West that they are also in the SVR's sights.

mandiant.com/resources/blog…

John Hultquist (@JohnHultquist)

APT29 (Midnight Blizzard/Cozy Bear) is targeting German political parties. The SVR has been on a tear lately and their mission of keeping Putin up to date on the West's thinking is especially important at this critical moment in the war. 1/2 mandiant.com/resources/blog…

PIVOTcon (@pivot_con)

📢 Yes. It’s here. Absolutely mind blowing. The highlights of the .
You have goosebumps all over your bodies? Drrrrrrrrumrrrrrrrroll.. 🥁🥁🥁 Go ahead and check them out! We still have some tickets😉
🧵1/15
pivotcon.org/agenda/

Timo Steffens (@Timo_Steffens)

There are a couple actually. Out of technical curiosity:

CHN and US malware used to gather biometric data at airports: news.yahoo.com/shattered-insi…

AIVD malware used against APT29: volkskrant.nl/wetenschap/dut…

Malware used on smartphones of Soleimani's allies: news.yahoo.com/conspiracy-is-…

Dan Black (@DanWBlack)

What is almost certainly a clear & deliberate signal from the Kremlin, in a pivotal election year, that it is willing to use stolen information to shape Western political dynamics in Moscow's favor.

Kim Zetter (@KimZetter)

Great excerpt from @ByronTau's new book - how the Pentagon learned to use targeted ad data to locate and track Putin and other targets wired.com/story/how-pent…

NCSC UK (@NCSC)

🚨We’ve published a new joint cyber security advisory revealing evolving tactics used by Russian state-linked cyber actors as more organisations move to cloud-based infrastructure ⬇️
ncsc.gov.uk/news/uk-allies…

Kris McConkey (@smoothimpact)

In September 2022, attendees at the inaugural LABScon heard about an actor I described then as 'one of the most prolific, most deeply connected, and most technically advanced actors around'. Events this week were a reminder that the video never went out, so here it is 👇

Christopher Peacock (@SecurePeacock)

CISA is calling out a lot of organizations with this one. “Frequently find that network defenders: rely predominantly on untuned EDR systems and discrete iOCs.”
🫳🎤
cisa.gov/sites/default/…

Bundesamt für Verfassungsschutz (@BfV_Bund)

NIS and BfV warn of a cyber-espionage campaign that is, with high probability, being conducted by the North Korean group #LAZARUS against the international defense industry: verfassungsschutz.de/SharedDocs/kur… 1/2

Florian Flade (@FlorianFlade)

„A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that Military Unit 26165, also known as (…) Fancy Bear (…) used to conceal and otherwise enable a variety of crimes.“ justice.gov/opa/pr/justice…
