Some CERT-UA naming conventions from the report:

UAC-0010 (Gamaredon/FSB)
UAC-0056 (GRU)
UAC-0028 (APT28/GRU)
UAC-0082 (Sandworm/GRU)
UAC-0144/UAC-0024/UAC-0003 (Turla)
UAC-0029 (APT29/SVR)
UAC-0109 (Zarya)
UAC-0106 (XakNet)
UAC-0107 (CyberArmyofRussia)

Some observed trends:

-targeting law enforcement agencies investigating Russian war crimes
-revisiting past victims to maintain access
-focus on immediate data exfil
-less malware ops, more phishing ops
-constant attacks on the UA media to plant fake news and disinformation
-LOLBIN is king
-relentless targeting of email servers