Cybersecurity Exploit Techniques


  • View profile for Marie-Doha Besancenot

    Senior advisor for Strategic Communications, Cabinet of 🇫🇷 Foreign Minister; #IHEDN, 78e PolDef

    39,087 followers

    🗞️ 🇺🇦 Fascinating reporting this week on Russia 🇷🇺's sophisticated “digital occupation” of #Telegram within occupied Ukrainian territories, using thousands of bots. Incredibly thorough work by Atlantic Council Digital Forensic Research Lab (DFRLab) and OpenMinds analysts.

    👉🏼🤖 automated campaigns distorting local sentiment, legitimizing occupation, drowning out Ukrainian voices - overpowering platform-based takedown efforts.

    🧠 A concerning long-term impact of a « #digital #occupation » is our future ability to understand the war truthfully. What data will historians work on? During eventual reintegration of occupied territories, understanding fully the tactics of a « digital occupation » will be vital for rebuilding media resilience & restoring #informationintegrity.

    🎯 Between Jan 2024 and Apr 2025, 3,634 automated accounts (bots) posted over 316,000 comments
    🔹 2.9 million comments analysed, in 110 Telegram channels tied to Russian-occupied Ukrainian territories
    🔹 Expanded dataset to ~3.37 million comments across ~4,500 channels.
    🔹 Employed topic modeling, manual annotation (3,450 samples), keyword classification, and GPT-4 assistance to define 69 narrative themes and train a classifier

    🤖 They deployed 3 main narrative types: pro-Russian, anti-Ukrainian rhetoric, neutral or abstract “anti-war” peace appeals.
    🔹 In channels linked to occupied areas, pro-Russian messages—praising Russian infrastructure, culture, government—were prevalent
    🔹 Messages reacted to local events—water/electricity shortages—and proactively praised Russian state services initiated locally.
    🔹 Activity surged around key events—Ukrainian shortages, Putin’s re-election, terrorist attacks—reactive propaganda. In occupied areas, they stabilized backgrounds of “normalcy” with infrastructure repair messaging.
    🔹 Bot automation: Accounts used incoherent language, some posting over 1,000 comments/day, recycled links to pro-Russian or Western outlets, and had generic profile data
    🔹 A single #bot published 1,391 comments in one day across 65 channels, weaving through 40 themes and criticizing Zelenskyy in 24% of its posts.

    🔍 Effects
    🔹 flooding local chats with supportive messages creates illusion of widespread approval of Russian occupation
    🔹 Suppressing accurate info: digital offensive complements infrastructure control, limiting access to Ukrainian media and reinforces Kremlin narratives
    🔹 mass is making Telegram’s efforts to remove bots inefficient; new accounts quickly replace banned ones. = complicates Ukrainian authorities’ ability to reach occupied populations with truthful information.

    👉🏼 Full report: https://lnkd.in/eQaJWxPu

    🙏🏻 Thank you & congrats to the 2 editors
    Layla Mashkoor, deputy director of research at the Atlantic Council’s Digital Forensic Research Lab
    Sviatoslav Hnizdovskyi, CEO and founder of OpenMinds
    🧑🧑🧒🧒 And their teams!

  • View profile for Vaughan Shanks

    Co-Founder & CEO @ Cydarm Technologies

    11,280 followers

    The Russian foreign intelligence service (SVR, similar to the Soviet KGB) have adapted their tactics for gaining initial access to cloud computing. A recent joint advisory from UKUSA partners outlines how the SVR have adapted. This is relevant if you are in a Government or Defence supply chain, as we have seen with incidents such as the infamous SolarWinds attack. This information is also relevant even if you are not a Government or Defence supplier - you can be sure that cybercriminals will learn from these tactics. For all we know, some of the SVR-backed actors might even be doing crime as a side-hustle!

    The short version:
    ⚡ The SVR are also known as APT29, Cozy Bear, and more recently, Midnight Blizzard
    ⚡ This is the same organization that recently conducted an extensive breach against Microsoft executives, cyber, and legal teams, by moving laterally from a test tenant to the corporate tenant
    ⚡ Service accounts are the prime target for password spraying attacks, because they usually don't have MFA - also, accounts of departed users
    ⚡ Cloud-based tokens are also being used for initial access
    ⚡ Attackers use "MFA-bombing", where the attacker sends many MFA push requests (assumes they have a valid password), in the hope that the victim will accept one of the requests, and allow the attacker to defeat MFA, then set their own device as the second factor
    ⚡ Use of residential proxies, where the attackers compromise many commodity-grade routers (the Ubiquiti EdgeRouter being the most recent target) so that the attacks appear to come from home internet

    What to do about it:
    🔒 Use MFA! Yes, MFA bombing is still a risk, but it adds one more hurdle, and there are also phish-resistant forms of MFA (e.g. FIDO2)
    🔒 For service accounts that do not have MFA, use a long, complex, unique password - no person will have to type it in on a console, so it does not have to be memorable or convenient!
    🔒 Apply the principle of least privilege to service accounts
    🔒 Use "canary" service accounts that trigger an alert when authentication attempts are made
    🔒 For cloud tokens, keep the validity period short, and (I cannot stress this enough), make sure the validity is checked!
    🔒 Ensure that you are logging application and host events, and monitoring for indicators of compromise
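
The monitoring advice in the post above can be turned into a concrete rule. The following is an added example, not code from the post or the advisory: it flags an MFA approval that follows a burst of denied or timed-out pushes, a new factor registered soon afterwards, and any authentication attempt against a canary service account. The event names, thresholds and the account name are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values and names (hypothetical, not from the post).
WINDOW = timedelta(minutes=10)          # look-back for a burst of pushes
PUSH_THRESHOLD = 5                      # unapproved pushes that make an approval suspicious
ENROLL_WINDOW = timedelta(hours=1)      # new factor registered soon after that approval
CANARY_ACCOUNTS = {"svc-canary-backup"}

# Constructed sample events: (ISO timestamp, account, event kind).
EVENTS = [
    ("2024-03-01T02:00:05", "alice", "mfa_push_denied"),
    ("2024-03-01T02:00:40", "alice", "mfa_push_timeout"),
    ("2024-03-01T02:01:30", "alice", "mfa_push_denied"),
    ("2024-03-01T02:02:10", "alice", "mfa_push_denied"),
    ("2024-03-01T02:03:00", "alice", "mfa_push_timeout"),
    ("2024-03-01T02:04:20", "alice", "mfa_push_denied"),
    ("2024-03-01T02:05:00", "alice", "mfa_push_approved"),
    ("2024-03-01T02:12:00", "alice", "mfa_device_registered"),
    ("2024-03-01T03:00:00", "svc-canary-backup", "password_fail"),
    ("2024-03-01T09:00:00", "bob", "mfa_push_denied"),      # single mis-tap
    ("2024-03-01T09:01:00", "bob", "mfa_push_approved"),
    ("2024-03-01T09:30:00", "bob", "mfa_device_registered"),
]


def detect(events):
    """Return (timestamp, account, rule) alerts in chronological order."""
    alerts = []
    unapproved = defaultdict(deque)   # account -> times of recent unapproved pushes
    suspicious_approval = {}          # account -> time of approval that followed a burst
    for ts_raw, account, kind in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        # Canary accounts are never used legitimately: any attempt is an alert.
        if account in CANARY_ACCOUNTS:
            alerts.append((ts_raw, account, "canary_auth_attempt"))
            continue
        recent = unapproved[account]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()          # drop pushes that fell out of the window
        if kind in ("mfa_push_denied", "mfa_push_timeout"):
            recent.append(ts)
        elif kind == "mfa_push_approved":
            if len(recent) >= PUSH_THRESHOLD:
                alerts.append((ts_raw, account, "approval_after_push_burst"))
                suspicious_approval[account] = ts
            recent.clear()
        elif kind == "mfa_device_registered":
            approved_at = suspicious_approval.get(account)
            if approved_at is not None and ts - approved_at <= ENROLL_WINDOW:
                alerts.append((ts_raw, account, "new_factor_after_push_burst"))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
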

  • View profile for Stephan Berger

    Cybersecurity Expert | Incident Response Team Lead | Speaker | Digital Content Creator

    29,167 followers

    The customer contacted us because "Microsoft 365 Defender has detected a security threat", more precisely, the alert "Anomalous Token involving one user" was raised. We tasked the customer to give us access to their Azure Tenant so that we could investigate the logins and conduct a deeper investigation.

    The first thing I always do in such investigations is check the Risky Sign-ins (you know, low-hanging fruits). The red squares depicted in the screenshot below are logins from the same user, the exact same user who is involved in the anomalous token alert. See, the Microsoft 365 Defender alert we mentioned above was generated on 21/12/2023... but there are still two other, earlier risky sign-ins. These sign-ins haven't raised any suspicion or alerts. Look at the locations - this looks bad, right?

    Microsoft writes about these "Anomalous token" detections: "We recommend investigating the sessions flagged by this detection in the context of other sign-ins from the user. If the location, application, IP address, User Agent, or other characteristics are unexpected for the user, the tenant admin should consider this risk as an indicator of potential token replay." [1]

    Yes, the user was 100% compromised. It turned out that the first malicious login (mid-November 😱) was from Russia, using a Linux User-Agent (no, the user never used Linux). Plus, during the analysis of the Unified Audit Log of the compromised account, we saw that the attackers used a MacOS User-Agent, whereas the compromised user only used Windows.

    By the way, the customer was not even aware that such a thing as risky sign-ins exists. And if your organization does not use Linux and/or Mac devices, logins from such devices (or with such User-Agents) should be investigated (yes, employees might use their private devices to access company resources), but then correlate the login with country and ASN information. Good luck ☘
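
The triage idea in the post above (an operating system the user has never used, then correlated with country and ASN) is sketched below as an added example; it is not the author's tooling and not a Microsoft API. The record fields, the user name and the sample sign-ins are constructed, and the ASNs come from the range reserved for documentation.

```python
from collections import defaultdict

# Constructed User-Agent strings for the sample data.
WIN_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
LINUX_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")
MAC_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
          "(KHTML, like Gecko) Version/17.1 Safari/605.1.15")


def os_family(user_agent):
    """Coarse OS family. Order matters: Android UAs contain 'Linux' and
    iOS UAs contain 'like Mac OS X', so the mobile markers are checked first."""
    ua = user_agent.lower()
    for needle, family in (("android", "Android"), ("iphone", "iOS"),
                           ("ipad", "iOS"), ("windows nt", "Windows"),
                           ("mac os x", "macOS"), ("linux", "Linux")):
        if needle in ua:
            return family
    return "Unknown"


def build_baseline(history):
    """Per-user sets of OS families, countries and ASNs seen in known-good sign-ins."""
    base = defaultdict(lambda: {"os": set(), "country": set(), "asn": set()})
    for rec in history:
        entry = base[rec["user"]]
        entry["os"].add(os_family(rec["ua"]))
        entry["country"].add(rec["country"])
        entry["asn"].add(rec["asn"])
    return base


def triage(baseline, signins):
    """Flag sign-ins whose OS family is new for the user. A new OS alone is
    'review' (possibly a private device); a new OS together with a new
    country or ASN is 'high'."""
    findings = []
    for rec in signins:
        known = baseline[rec["user"]]
        family = os_family(rec["ua"])
        if family in known["os"]:
            continue
        extra = [f for f in ("country", "asn") if rec[f] not in known[f]]
        severity = "high" if extra else "review"
        findings.append((rec["time"], rec["user"], family, severity, extra))
    return findings


# Constructed records: the baseline user only ever signs in from Windows.
HISTORY = [
    {"user": "j.doe", "time": "2023-10-02T08:01:00", "ua": WIN_UA, "country": "CH", "asn": 64496},
    {"user": "j.doe", "time": "2023-10-03T08:05:00", "ua": WIN_UA, "country": "CH", "asn": 64496},
]
SIGNINS = [
    {"user": "j.doe", "time": "2023-11-14T23:40:00", "ua": LINUX_UA, "country": "RU", "asn": 64511},
    {"user": "j.doe", "time": "2023-11-15T08:02:00", "ua": WIN_UA, "country": "CH", "asn": 64496},
    {"user": "j.doe", "time": "2023-11-20T19:30:00", "ua": MAC_UA, "country": "CH", "asn": 64496},
]

if __name__ == "__main__":
    for finding in triage(build_baseline(HISTORY), SIGNINS):
        print(finding)
```
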

  • View profile for Philip A. Dursey

    Founder & CEO, HYPERGAME | ex-CISO | Securing Frontier AI with Hypergame Theory & Active Defense | Author, Red Teaming AI (No Starch) | Frontier Red Team Lead, BT6 | NVIDIA Inception | Oxford CS

    20,070 followers

    Yesterday, I laid out the threat of the "Echo Chamber" attack—a stealthy method of turning an LLM's own reasoning against itself to induce a state of localized model collapse. As promised, the deep(er) dive is here.

    Static defenses can't stop an attack that never trips the alarm. This new class of semantic exploits requires a new class of active, intelligent defense. In this full technical report, I deconstruct the attack vector and detail a multi-layered security strategy that can not only block these threats but learn from them.

    We'll go beyond simple filters and explore:
    ► The Semantic Firewall: A system that monitors the state of a conversation to detect the subtle signs of cognitive manipulation.
    ► The "Turing Interrogator": A reinforcement learning agent that acts as an automated honeypot, actively engaging and profiling attackers to elicit threat intelligence in real time.
    ► A system diagram illustrating how these components create a resilient, self-improving security ecosystem.

    The arms race in adversarial AI is here. It's time to build defenses that can think.

    #AISecurity #LLMSecurity #RedTeaming #CyberSecurity #ModelCollapse #AdversarialAI

  • View profile for Tim De Zitter

    Supporting Ukraine - Lifecycle manager Land Combat Missiles , GBAD and CUAS and GMG systems (surveying Loitering Munitions) @Belgian Defense - OSINT non-professional

    26,992 followers

    𝐃𝐞𝐜𝐨𝐲 𝐃𝐫𝐨𝐧𝐞𝐬: 𝐓𝐡𝐞 𝐀𝐫𝐭 𝐨𝐟 𝐌𝐚𝐤𝐢𝐧𝐠 𝐘𝐨𝐮𝐫 𝐄𝐧𝐞𝐦𝐲 𝐖𝐚𝐬𝐭𝐞 𝐄𝐯𝐞𝐫𝐲𝐭𝐡𝐢𝐧𝐠 🎯🛰️

    🔍 In the skies over Ukraine and Russia, the battle isn’t just about firepower — it’s about deception at industrial scale. Both sides are now launching swarms of decoy drones in parallel with real strike platforms. The goal: to confuse, drain, and expose enemy air defense.
    ▪️ A Ukrainian long-range strike drone can cost ~$200K
    ▪️ A decoy drone? Just a few thousand dollars
    ▪️ But both fly together — dozens at a time

    💥 “We use decoys to make a corridor,” explained a Ukrainian drone commander. The first wave saturates radar, triggers missiles, and reveals air defense zones. The real drones follow through the breach.

    🛫 Ukraine’s 14th UAV Regiment, once reliant on commercial drones, now operates systems capable of 1,000+ mile strikes. In 2025 alone, they aim to produce 30,000 drones — many of them decoys.

    🌊 The tactic extends to the sea. Waterborne decoys accompany strike drones like the Magura V5, overwhelming Russian defenses in the Black Sea.

    🎭 Russia mirrors the approach. Many of its drones are fitted with Luneburg lenses, simulating the radar profile of cruise missiles. This forces Ukraine to fire prematurely and burn through limited interceptors.

    🧠 “Distinguishing between real and fake is extremely difficult,” said defense analyst @Samuel Bendett. Russia wants defenders to waste munitions and expose their positions — which are then targeted in follow-on waves.

    ⚙️ It’s not just hardware — it’s software. AI is being developed to help classify incoming threats in real-time. But the adversary adapts too — building decoys designed to trick pattern-recognition algorithms.

    🔁 It’s a spiral:
    ‣ Real drone
    ‣ Decoy drone
    ‣ AI that detects decoys
    ‣ Decoys engineered to mimic AI-detectable behavior

    🎖️ This is maskirovka 2.0 — deception as doctrine, updated for the drone age. The result: a battlefield where appearance matters more than substance, and success is defined not just by what you strike — but by how much you make your enemy spend trying to stop you.

    #DroneWarfare #AirDefense #ElectronicWarfare #DecoyDrones #DefenseInnovation #UnmannedSystems #DeepStrike

  • View profile for Charles Durant

    Director Field Intelligence Element, National Security Sciences Directorate, Oak Ridge National Laboratory

    13,821 followers

    'A Russian spy plot that sought to sow "panic and terror" in the West has been revealed in a joint-investigation. Leaked emails from Russia's Foreign Intelligence Service (SVR) obtained by independent Russian site The Insider and the German newspaper Der Spiegel reveal an elaborate plan masterminded in 2022, dubbed "Project Kylo."... ...The SVR officer suggested that instead of pushing typical pro-Russian arguments about the conflict, the operation should "deepen internal contradictions between the ruling elites" in the West, including in the U.S., which is known among the special services as Russia's "main adversary." This involved SVR recruits creating fake advertisements disguised as news headlines, fake NGOs and websites, publishing manipulative content on social media platforms including YouTube, and hiring individuals to take part in protests in the West with the aim of filming them and disseminating the content online.' https://lnkd.in/grXk5Btt

  • View profile for Tomasz Darmolinski

    Connecting Business with Innovation | UAV & Defense Systems | Tech Strategist | Leadership Developer | RPAS Expert | Cyber & IT Integration

    3,571 followers

    The Ukrainian Armed Forces have introduced a new method of countering Russian drones by utilizing their own FPV (First Person View) drones equipped with shotguns. Recently published footage demonstrates how these innovative devices effectively intercept and destroy Russian unmanned aerial vehicles on the battlefield. The videos show a Ukrainian drone equipped with shotguns approaching a Russian drone and precisely shooting it down from the sky. This new technology is being developed by Ukrainian tech teams, such as Lesia UA, who are testing and refining these solutions in combat conditions. FPV drones armed with shotguns represent an innovative approach to combating hostile unmanned aerial vehicles, offering a cheaper and more flexible alternative to traditional air defense systems. Their deployment enables rapid responses to threats posed by Russian drones, which play a crucial role in reconnaissance and combat operations. The introduction of shotgun-equipped drones is yet another example of the Ukrainian Armed Forces' ingenuity in the ongoing conflict, showcasing their ability to adapt and quickly implement modern technologies on the battlefield.

  • „The Insider has obtained hacked correspondence from officers of Russia's foreign intelligence agency (SVR) responsible for “information warfare” with the West. The leaked documents, intended for various government agencies, reveal the Kremlin's strategy: spreading disinformation on sensitive Western topics, posting falsehoods while posing as radical Ukrainian and European political forces (both real and specially created), appealing to emotions — primarily fear — over rationality, and utilizing new internet platforms instead of outdated ones like RT and Sputnik.

    The “leitmotif of our cognitive campaign in the [Western] countries is proposed to be the instilling of the strongest emotion in the human psyche — fear,” the document states. “It is precisely the fear for the future, uncertainty about tomorrow, the inability to make long-term plans, the unclear fate of children and future generations. The cultivation of these triggers floods an individual's subconscious with panic and terror.”

    Curiously, 2023 saw its fair share of Russian-sponsored provocations seemingly aligned with Operation Kylo all across Europe. Research by a European media consortium revealed that a roving troupe of Russian hirelings kept turning up at protests in major cities such as Paris, Brussels, Madrid, and The Hague denouncing Western arms shipments to Ukraine. The men, the consortium concluded, had likely been hired by Russian special services. One was even found to be a student from St. Petersburg, who, as if taking literal instruction from Kolesov’s playbook, went searching online for volunteers who would be photographed for 80 to 100 euros. The images were meant to be used on social media to telegraph that anti-Ukraine protests were a mass phenomenon in Europe.

    Other stunts have followed. In October, not long after Hamas’s attack on Israel, hundreds of Stars of David were spray-painted on the walls of Jewish institutions all over Paris, images of which went viral online. The culprits were actually a Russian-speaking couple from Moldova who were caught in the act and explained they had been recruited to do this false-flag operation via the Telegram messenger. More recently, three men placed coffins in front of the Eiffel Tower with French flags and the phrase “French soldiers of Ukraine” scrawled on them — a reference to French President Emmanuel Macron’s suggestion that French troops might one day be deployed to safeguard the port city of Odesa. The men are reported to have received up to 400 euros for the campaign.

    A “truly final version” of the project (…) clarifies that a core objective will be “mass protest actions in NATO countries, followed by the dissemination of content in the enemy’s media field. We have the necessary capabilities to attract a special contingent permanently residing abroad for such events,” perhaps referring to SVR “illegals,” or spies stationed in the West without diplomatic cover.“ https://lnkd.in/ePTS9zzG

  • View profile for Keith King

    Former White House Lead Communications Engineer, U.S. Dept of State, and Joint Chiefs of Staff in the Pentagon. Veteran U.S. Navy, Top Secret/SCI Security Clearance. Over 13,000+ direct connections & 37,000+ followers.

    37,214 followers

    Ukraine Deploys All-Robot Drone Force to Defend Against 8,000 Russian Troops

    Overview: In a groundbreaking military operation, Ukraine’s 13th National Guard Brigade launched an all-robot, combined-arms drone attack against a significantly larger Russian force in Kharkiv Oblast. This marks one of the first recorded instances of an entirely robotic combat force being deployed in active warfare, blending aerial and ground-based drones to defend a critical five-mile frontline stretch against 8,000 Russian soldiers. The Ukrainian military’s innovative strategy highlights both the technological prowess of its drone warfare capabilities and the growing challenges of maintaining sufficient manpower in prolonged conflict.

    How the All-Robot Drone Team Operated:
    1. Combined-Arms Coordination:
    • The drone team operated similarly to a traditional combined-arms military force, integrating surveillance, offense, and logistics roles.
    2. Key Drone Units:
    • Multi-Rotor Copters: Equipped to carry heavy payloads, including anti-tank mines.
    • FPV (First-Person View) Drones: Used for precision strikes and kamikaze missions.
    • Surveillance Drones: Provided real-time intelligence and targeting data.
    3. Tactical Deployment:
    • Dozens of unmanned ground and aerial vehicles coordinated simultaneously across a small frontline segment to disrupt Russian advances.

    National Guard Spokesperson: “This operation demonstrated the power of robotic synergy—ground and aerial drones working in tandem to secure key defensive positions.”

    Strategic and Technological Significance:
    1. Force Multiplier:
    • Drones effectively compensated for Ukrainian manpower shortages on this section of the frontline.
    2. Scalable Tactics:
    • The success of this operation suggests the potential for larger-scale drone deployments in future engagements.
    3. Cost-Effective Defense:
    • Compared to traditional manned operations, drones are more cost-efficient and reduce the risk of human casualties.
    4. Real-Time Adaptability:
    • Surveillance drones provided instant battlefield intelligence, enabling quick adjustments to enemy movements.

    Concerns Over Manpower Shortages: While the use of an all-robot drone force is a technological milestone, analysts caution that it might also signal strain on Ukrainian human resources:

    The Takeaway: Ukraine’s deployment of an all-robot drone force against 8,000 Russian troops represents a milestone in military innovation and a strategic adaptation to mounting human resource challenges. While the success of the operation demonstrates the immense potential of unmanned combat systems, it also highlights the fragility of Ukraine’s manpower reserves in a prolonged war. This development may set the stage for an intensified drone arms race, pushing both Ukraine and Russia to prioritize autonomous systems in future military planning. The Kharkiv operation could very well be remembered as a turning point in the evolution of modern warfare.

  • View profile for Robert Nogacki

    Founder & Managing Partner at Skarbiec Law Firm Group | Attorney for Entrepreneurs | Award-Winning Legal Advisor

    19,718 followers

    Major Cybersecurity Alert - Russian GRU Unleashes Sophisticated Campaign Against Western Supply Lines

    A devastating new intelligence report reveals how Russian military hackers have been systematically infiltrating the backbone of Western aid to Ukraine - targeting the very companies moving critical supplies across borders.

    The Scope is Staggering:
    • 85th Main Special Service Center (Unit 26165) - Russia's elite cyber warfare unit - has compromised dozens of logistics companies across 13 countries
    • Victims include major transportation hubs, ports, airports, maritime companies, and IT service providers
    • The operation spans from Bulgaria to the United States, with over 10,000 IP cameras hijacked to monitor aid shipments in real-time

    Their Methods: The hackers didn't just break into networks - they studied their targets like predators. They identified key personnel, mapped business relationships, and exploited trust between partner companies. Once inside, they accessed the most sensitive intelligence: train schedules, shipping manifests, container numbers, cargo contents, and exact travel routes of aid shipments to Ukraine.

    The Most Disturbing Discovery: Russians positioned themselves to watch everything. They compromised traffic cameras and private security cameras near border crossings and military installations. Camera targets were positioned to monitor aid flowing into the country. They could literally watch Western aid arrive and coordinate attacks accordingly.

    How They Got In:
    • Exploited Microsoft Outlook vulnerabilities to steal credentials
    • Used fake login pages impersonating government entities
    • Weaponized WinRAR file compression software
    • Conducted massive password-spraying campaigns
    • Even attempted voice phishing, calling victims while impersonating IT staff

    The Persistence Factor: Once inside corporate email systems, they manipulated mailbox permissions for sustained access, enrolled compromised accounts in multi-factor authentication to appear legitimate, and used legitimate Microsoft Exchange protocols to blend their data theft with normal business operations.

    Why This Matters: This isn't just corporate espionage - it's military intelligence gathering that directly threatens Ukrainian defense capabilities. Every compromised shipment manifest potentially enables Russian forces to target aid convoys, anticipate weapon deliveries, or disrupt critical supply chains.

    The investigation involved 15+ international intelligence agencies, highlighting how seriously Western governments view this threat. Organizations handling sensitive logistics or supporting Ukrainian aid efforts should immediately review their cybersecurity posture and monitor for the specific indicators outlined in this advisory.

    #CyberSecurity #Ukraine #Russia #NationalSecurity #Logistics
