Posts

Showing posts from September, 2024

The Russian APT Tool Matrix

Introduction

Based on feedback I have received from fellow CTI researchers, incident responders, and managed detection and response teams around my Ransomware Tool Matrix project, I decided to make another Tool Matrix focused on one hostile state in particular: Russia. Again, as defenders, we should exploit the fact that the tools used by these Russian APT groups are often reused; through proactive defensive work, we can frustrate and even eliminate the ability of certain adversaries to launch intrusions. Using the Russian APT Tool Matrix comes with its own challenges. While it is undoubtedly useful to have a list of tools commonly used by Russian APTs to hunt for, detect, and block, there are some risks, as noted in the repository. The new repository also covers multiple types of Russian threat groups, including adversaries that are part of the GRU, SVR, and FSB. The alias of each Russian threat group has been chosen by what the author of this repo believes it is most well-known as.

Examining Mobile Threats from Russia

Introduction

Russian state-sponsored threat groups, such as Fancy Bear (APT28), Cozy Bear (APT29), Turla, and Sandworm, among others, are well-known for complex cyber-espionage operations, targeted intrusions, destructive attacks, and disinformation campaigns. Some of the capabilities of Russian threat groups, however, are less well-known and extend beyond the usual targeting of government and critical infrastructure enterprise networks. The three main Russian intelligence services (GRU, FSB, and SVR) have also conducted less well-known and underreported intelligence-gathering campaigns against Android and iPhone users, delivering spyware as well as collecting credentials for specific mobile applications. In this blog, I will be examining open source intelligence (OSINT) reports, leveraging the findings and citing investigations conducted by other threat researchers, to present my key findings and an overall assessment of these mobile threat campaigns.

Background on Mobile Threat