Russia v Ukraine : A primer for the uninitiated

Russian intervention in the Ukraine, be it military or 'cyber', historically has been something of a strategic playground, whilst other attacks observed are more 'noisy' - or disruptive, the ongoing incidents which can be, and will be attributed to Russia. If like me, you're a scholar at the aspects of cyber incidents particularly when it comes to Russia v Ukraine which experts will quickly identify and theorize are the work of the shadowy Russian bear(s).

My own learning has focused on 'why', and I've digested  and recommended the following

  1. The 'ultimate' guide, in my humble opinion, is here Russia v Ukraine  Kenneth Greers
  2.  APT28 or depending on the vendor
    Pawn Storm,
    Sofacy Group,
    Tsar Team,
    Threat Group-4127,
    Grizzly Steppe (when combined with Cozy Bear) The important part to note here is that APT28 is widely believed to be GRU, and GRU are explained in detail here 
  3. APT29 or Cozy Bear, again depending on the vendor may be called any of the  following Office Monkeys, 
    The Dukes, 
    Grizzly Steppe (when combined with Fancy Bear)

This is the best infographic I have seen explained the process of APT28/29 activity.



There are a breathless number of analysts capable of dissecting the incidents that occur within the Ukraine borders and often more are bullet quotes seeking to encourage fear, uncertainty and doubt, AKA FUD. My experience of working with some extremely talented analysts both in the Government and at F500 who actively avoid headline-grabbing and offer comments by way of research and analysis. Robert M.Lee explicitly called out this type of behaviour and asked 'stick to the facts'.

The concept of 'hackers' knocking out power in a country is one which evokes a large number of reactions, I look to people like Robert M. Lee for measured and sensible analysis, as should you - if your number one source for information is mainstream media, you won't get insights, you'll get clickbait.

With that in mind, the elephant in the room is the 2016 US. The election, something which those not directly involved in intelligence, be it cyber or policy will still be closely unpicking. I recommend the following content for insights how the 'fake news' - and i still can't say that phrase with a straight face, helped undermine the political agenda.

Some of these are incredibly long-winded and contain quite a lot of personal sentiment, but if you can decipher that and understand the underlying themes in that disinformation played a significant part in the U.S Election you'll understand what a weapon social media has become and why, as a 'Cyber Threat' analyst, you'll be required to place extremely close attention to it.

Cambridge Analytica

tl:dr - big data manipulated everyone.

The Plot to Hack America by Malcom Nance

tl:dr - Coincidence takes a lot of hard work, Also - Russia sought to manipulate the election by way of a number methods including social media propaganda, hacking of DNC emails and strategically placed adverts

Is Ukraine the Test Lab for Russian - Wired

tl:dr - Attackers gained access to critical systems, excellent analysis from Dragos here