Tylermcl
@tylermcl.bsky.social
Advanced Practices at Google Cloud’s Mandiant
Reposted by Tylermcl
The takeaway: The GRU has followed the same five-phase disruptive playbook throughout the war. Alternatives have existed, but the GRU has opted for the same tradecraft on repeat. We assess that these choices are calculated adaptations to a wartime operating environment.
July 12, 2023 at 2:31 PM
Reposted by Tylermcl
Notable Storm-0875 tradecraft
1. Initial Access: SMS phishing + AITM or purchase of infostealer logs (bypasses most defenses)
2. Privilege escalation via SIM swapping or call number forwarding of the global admin’s personal phone
3. Time from initial access to global admin often occurs within hours
July 6, 2023 at 12:56 PM