John Hultquist
@hultquist.bsky.social
Mandiant Intelligence at Google. CYBERWARCON and SLEUTHCON founder. Johns Hopkins professor. Army vet.
As for Russian intent, the recent incident in Poland is a stark reminder that the motivation is stronger than ever. I don’t think they are going to be bashful about deploying these capabilities, especially when they’re so easily deniable. 4/x
February 5, 2026 at 1:01 PM
As for Russian intent, the recent incident in Poland is a stark reminder that the motivation is stronger than ever. I don’t think they are going to be bashful about deploying these capabilities, especially when they’re so easily deniable. 4/x
I’m most concerned about DDOS attacks, which have been en vogue lately with hacktivist groups with Russian government ties. DDOS attacks are generally temporary, but when timed right, they can be quite powerful. 3/x
February 5, 2026 at 1:01 PM
I’m most concerned about DDOS attacks, which have been en vogue lately with hacktivist groups with Russian government ties. DDOS attacks are generally temporary, but when timed right, they can be quite powerful. 3/x
The goal is to take some of the shine off the Games, and by extension its participants, and generally that’s best done by disrupting the complex and carefully orchestrated event. Attacks on critical infrastructure like transit are precedented. So are attacks on the broadcast. 2/x
February 5, 2026 at 1:01 PM
The goal is to take some of the shine off the Games, and by extension its participants, and generally that’s best done by disrupting the complex and carefully orchestrated event. Attacks on critical infrastructure like transit are precedented. So are attacks on the broadcast. 2/x
Reposted by John Hultquist
"The actor Poland has identified is notable for a lengthy history of digging into global critical infrastructure while holding back on actual attacks," @hultquist.bsky.social says. "If they have finally pulled the trigger, that would be a major departure from over a decade of restraint."
January 30, 2026 at 7:06 PM
"The actor Poland has identified is notable for a lengthy history of digging into global critical infrastructure while holding back on actual attacks," @hultquist.bsky.social says. "If they have finally pulled the trigger, that would be a major departure from over a decade of restraint."
Perhaps most disconcerting is that if this is Berserk Bear/Dragonfly/Isotope/FSB, then they are now in play. Their ops were notable by the fact that they have not carried out an attack. Especially disconcerting considering the decade of quiet intrusions they have carried out. 3/x
January 30, 2026 at 2:02 PM
Perhaps most disconcerting is that if this is Berserk Bear/Dragonfly/Isotope/FSB, then they are now in play. Their ops were notable by the fact that they have not carried out an attack. Especially disconcerting considering the decade of quiet intrusions they have carried out. 3/x
Russian cyberattacks in Europe have been slowly ramping up, just like physical sabotage. They are boiling the frog, ratcheting up pressure while avoiding major blowback. There will be more incidents. I’m particularly concerned about the Winter Olympics. 2/x
January 30, 2026 at 2:02 PM
Russian cyberattacks in Europe have been slowly ramping up, just like physical sabotage. They are boiling the frog, ratcheting up pressure while avoiding major blowback. There will be more incidents. I’m particularly concerned about the Winter Olympics. 2/x