State of Statecraft (SOS) is a new security and intelligence conference that brings together experts on espionage, sabotage, influence, and other unique forms of covert statecraft to share their work with a community hyper-focused on tackling state-sponsored operations.
APT28 🤝 war crimes
Extending the veneer of grassroots activism «by default» to an entire category of threat activity routinely orchestrated (if not carried out directly) by intelligence agencies is just flat out irresponsible at this point.
I beg of you: stop using the label "hacktivism".
... maybe Teams isn't so bad
Short thread (hopefully in plain English) on the nuclear deterrence dynamics in the India-Pakistan relationship and where this goes if escalation continues. <1>
Fascinating to see reference to GRU unit 20728 from FR relative to Russia's offensive cyber program -- as far as I'm aware, a first from a Western service?
www.diplomatie.gouv.fr/fr/dossiers-...
Finally
Credibility of claims aside, the slow creep toward direct mirroring of US public attribution has reached its final stop:
www.reuters.com/technology/c...
This is very cool. "Sensational stories of flying saucers dominated U.S. newspaper headlines from June to July 1947. Could they have been purposely planted as part of a U.S. strategic deception operation, aimed at breaking the Soviet Diplomatic Code?" www.tandfonline.com/doi/abs/10.1...
Incredibly important piece here, bravo @lhn.bsky.social and @agreenberg.bsky.social
www.wired.com/story/signal...
In order to help protect people from falling victim to sophisticated phishing attacks, Signal introduced new user flows and in-app warnings. This work has been completed for some time and is unrelated to any current events. 5/
The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users. 3/
One piece of misinfo we need to address is the claim that there are ‘vulnerabilities’ in Signal. This isn’t accurate. Reporting on a Pentagon advisory memo appears to be at the heart of the misunderstanding: npr.org/2025/03/25/n.... 2/
It's never a bad time to take a look at your online accounts and see if you spot a weird device or login.
We have a comprehensive guide on how to check if your Gmail, Apple ID, Facebook, IG, WhatsApp, Telegram, Discord, etc have been hacked.
techcrunch.com/2025/03/25/h...
Russia's intelligence services have spent time and resources to develop Signal-specific tradecraft because it is best-in-class for secure communications.
It is Signal's lack of vulnerability that makes the app the high priority target that it is.
It's really crucial to understand how badly framed this is. There is no Signal vulnerability. The Pentagon email did a bad job explaining a Google report from a month ago and NPR repeated it.
This is like saying because you got a phishing email at your Gmail address, there's a Google vulnerability.
We are looking for a motivated Research Analyst to join our cyber and tech team at @rusi.bsky.social. You need to be able to work in London. Full job spec below 👇
royalunitedservicesinstitute.peoplehr.net/Pages/JobBoa...
Developing low visibility, low signature forms of compromise for signal accounts is a clear area of investment for Russia's services as well.
Generally speaking if you use the app for sensitive comms: audit your linked devices. Do it now.
cloud.google.com/blog/topics/...
Right now a single technical organization is being asked to defend (at least) one side in a major regional war, the political communications of the entire US administration, the communications of anyone opposed to that administration, big piles of NGOs, and millions of “ordinary” folks to boot.
For no reason at all, re-upping this blog from @danwblack.bsky.social, which shows the high interest that Russian APTs have in getting access to Signal messages.
cloud.google.com/blog/topics/...
Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations By Bill Marczak, John Scott-Railton, Kate Robertson, Astrid Perry, Rebekah Brown, Bahr Abdul Razzak, Siena Anstis, and Ron Deibert March 19, 2025 Clicca qui per leggere un riassunto del report in italiano. Key Findings Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for. Infrastructure Analysis of Paragon Spyware. Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Identifying a Possible Canadian Paragon Customer. Our investigation surfaced potential links between Paragon Solutions and the Canadian Ontario Provincial Police, and found evidence of a growing ecosystem of spyware capability among Ontario-based police services. Helping WhatsApp Catch a Zero-Click. We shared our analysis of Paragon’s infrastructure with Meta, who told us that the details were pivotal to their ongoing investigation into Paragon. WhatsApp discovered and mitigated an active Paragon zero-click exploit, and later notified over 90 individuals who it believed were targeted, including civil society members in Italy. Please drop me a reply or note letting me know if this alt text helps you.
Android Forensic Analysis: Italian Cluster. We forensically analyzed multiple Android phones belonging to Paragon targets in Italy (an acknowledged Paragon user) who were notified by WhatsApp. We found clear indications that spyware had been loaded into WhatsApp, as well as other apps on their devices. A Related Case of iPhone Spyware in Italy. We analyzed the iPhone of an individual who worked closely with confirmed Android Paragon targets. This person received an Apple threat notification in November 2024, but no WhatsApp notification. Our analysis showed an attempt to infect the device with novel spyware in June 2024. We shared details with Apple, who confirmed they had patched the attack in iOS 18. Other Surveillance Tech Deployed Against The Same Italian Cluster. We also note 2024 warnings sent by Meta to several individuals in the same organizational cluster, including a Paragon victim, suggesting the need for further scrutiny into other surveillance technology deployed against these individuals. Please drop me a note /reply letting me know if this alt text helps you.
🚨NEW REPORT: first forensic confirmation of #Paragon mercenary spyware infections in #Italy...
Known targets: Activists & journalists.
We also found deployments around the world. Including ... #Canada?
And a lot more... Thread on our @citizenlab.ca investigation 1/
citizenlab.ca/2025/03/a-fi...
Gorbachev believed the Soviet Union had to reform or die. But his reforms were so incoherent and inconsistent, yet persistent, he wound up destroying the USSR-something practically no one when he started thought was a possible outcome.
One of things I miss the most now that I'm fully remote is the old in-office nerding out about what was in the news.
This podcast has really helped to fill that void. Highly recommend.
Our new leader. The @economist.com has always been staunchly Transatlanticist. We don't say this lightly: "Europe must prepare to be abandoned or extorted. Not to prepare for that could leave Europe vulnerable to Russia and to an increasingly hostile America" www.economist.com/leaders/2025...
⚡️Russia launches largest drone attack since start of full-scale invasion.
Ukraine’s air defense shot down 138 drones while 119 decoy drones were lost out of a total of 267 drones launched by Russia, the Ukrainian Air Force said.
Ransom War: How Cyber Crime Became a Threat to National Security is officially out in Europe today! Thanks to everyone who helped make this possible. It has been a fascinating research journey.
www.amazon.co.uk/Ransom-War-B...
“A key finding is that tactical drones are inflicting roughly two-thirds of Russian losses…twice as effective as every other weapon in the Ukr arsenal put together…remarkable…for weapons which did not officially exist in the Ukr mil at start of the war” www.forbes.com/sites/davidh...
Regarding the anatomy of what is now a highly consequential disinformation narrative: has anyone sourced where the claim that Zelenskyy has four percent approval ratings originates from?
I feel like that point has maybe been underappreciated about this historic era we're living through. Governance not just by the historically wealthy, but by people consumed by mass, often shared delusions. People have always been wrong on some facts, but not sure it's ever been quite like this.
