Oleg Shakirov
@shakirov2036.bsky.social
I study Russian foreign policy, cyber security, arms control
Pinned
I'm presenting at @cyberwarcon.bsky.social this year, November 19!

Come for big names, stay for my obscure stories about cyber aspects of drone warfare.

cyberwarcon.com/agenda-25
Agenda — CYBERWARCON
November 12, 2025 at 5:31 PM
Some of @ridt.bsky.social's tweets are preserved as historical heritage in edited volume citations
November 4, 2025 at 8:00 PM
Reposted by Oleg Shakirov
new by me - a look at MIT’s cyberslop

IOCs and TTPs included

doublepulsar.com/cyberslop-me...
CyberSlop — meet the new threat actor, MIT and Safe Security
Cybersecurity vendors peddling nonsense isn’t new, but lately we have a new dimension — Generative AI.
November 3, 2025 at 8:16 PM
The most informed take from Russia so far on drone warfare (and by extension digital warfare) from former Chief of General Staff Yury Baluevskiy & Ruslan Pukhov of CAST

TL;DR: drones are indeed revolutionizing & militaries will need to adapt

globalaffairs.ru/articles/czi...
October 31, 2025 at 12:11 AM
Russian authorities arrested 3 men in Astrakhan for creating 'the infamous Medusa virus' (probably Medusa stealer), acc. to the Ministry of Interior. In May they allegedly targeted an org in that region

They are also linked to another unnamed malware

t.me/IrinaVolk_MV...
October 30, 2025 at 3:39 PM
Reposted by Oleg Shakirov
NEW: The CEO of Memento Labs admits the spyware found by security researchers targeting Windows victims in Russia was his company's.

He said that one of his customers used an outdated version of the spyware that's going to be decommissioned at the end of this year.

techcrunch.com/2025/10/28/c...
Exclusive: CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker's chief executi...
October 29, 2025 at 4:42 PM
New draft resolution (by Austria, El Salvador, Kazakhstan, Kiribati, Malta, & Mexico) urges NWS to publish policies "explicitly affirming and operationalizing that [C3] systems of nuclear weapons that integrate [AI] will remain subject to human control"

digitallibrary.un.org/record/4091455
October 28, 2025 at 3:06 PM
Speaking of Grokipedia, Russian authorities have long complained about Wikipedia's biases & promoted several sovereign alternatives incl. Ruwiki (ruwiki.ru) which was forked from Wikipedia & then 'properly' edited. It also uses AI by the way
October 28, 2025 at 2:24 AM
Earlier research on the same threat actor that used Dante reported today by Kaspersky

Dr. Web first found malware w/ the DANTEMARK label st.drweb.com/static/new-w...

F6 called it Dante APT www.f6.ru/cybercrime-t...

PT linked ForumTroll w/ a few other clusters global.ptsecurity.com/en/research/...
October 27, 2025 at 7:54 PM
Kaspersky discovered Dante, spyware from Memento Labs (ex-HackingTeam), used by an APT (dubbed ForumTroll) in attacks targeting Russia & Belarus since 2022

securelist.com/forumtroll-a...
Mem3nt0 mori – The Hacking Team is back!
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
October 27, 2025 at 4:58 AM
Taking metro in DC makes you think about mission-critical, AI-driven, battlefield-proven solutions to everyday problems
October 25, 2025 at 5:16 PM
The UN Convention against Cybercrime was signed by 63 states & the EU. These include Russia, China, United Kingdom, 12 EU member states, Brazil, Australia, many from Africa, Latin America, South & Southeast Asia.

No signatures from the United States, France, Germany, India
October 25, 2025 at 6:24 AM
As I noted before (bsky.app/profile/shak...), MSS's emphasis on potentially destructive consequences of the attack on the National Time Service Center was likely a response to U.S. accusations regarding Volt Typhoon

Now the Chinese MFA says this explicitly www.fmprc.gov.cn/mfa_eng/xw/f...
October 24, 2025 at 5:56 PM
Singapore submitted draft resolution to the First Committee on establishing a successor to OEWG, Global Mechanism on developments in the field of ICTs in the context of international security and advancing responsible State behaviour in the use of ICTs

digitallibrary.un.org/record/40909...
October 21, 2025 at 8:31 PM
Some thoughts on Chinese accusations against the NSA

There're two sources:
— the MSS statement (a shorter, more political one) mp.weixin.qq.com/s/ZtKjlaIoMV...
— the CNCERT/CC report (technical analysis) mp.weixin.qq.com/s/XPjT0BVOJP...

These reports present the breach a bit differently

1/11
October 21, 2025 at 12:44 AM
I've updated my list of TI reports on threat actors targeting Russia. It now features around 190 reports on 55 groups. Most actors are not reliably linked to a specific state, but among those that are the two top origins are China and Ukraine

cyberguerre.notion.site/3ca6753fc47d...
October 13, 2025 at 1:29 PM
Since it's still Cybersecurity Awareness Month, I think more people should be aware that the French call hackers 'pirates' (or 'pirates informatiques' to be more specific) and hacking 'piratage.' And I think it's beautiful!
October 12, 2025 at 11:42 PM
I'm presenting at @cyberwarcon.bsky.social this year, November 19!

Come for big names, stay for my obscure stories about cyber aspects of drone warfare.

cyberwarcon.com/agenda-25
Agenda — CYBERWARCON
October 8, 2025 at 7:04 PM
Putin recently said that Russia requested twice to join NATO (in 1954 & 2000). Actually that happened multiple times including when Russia was not in the best shape

See here on Yeltsin's appeal in late 1991, days before the collapse of the Soviet Union

www.washingtonpost.com/archive/poli...
October 6, 2025 at 5:28 PM
Nothing makes you more aware of cyber security than the shortage of Asahi beer

Happy Cybersecurity Awareness Month!
October 4, 2025 at 11:59 PM
Over past couple of days Russian media claimed that Russian drone strike hit a scam call center in Dnipro. Here are my review of the coverage and quick analysis of whether Russia now considers scammers a legitimate military target (probably not)

fromcyberia.substack.com/p/did-russia...
Did Russia Attack a Ukrainian Scam Call Center?
Russian media—albeit not the officials—claim that a drone strike on Dnepropetrovsk (Dnipro) hit an office building that housed scammers.
October 3, 2025 at 7:38 AM
How is this real...
October 1, 2025 at 5:17 PM
Kudos to Microsoft & Cloudflare for taking action against RaccoonO365

Here's the link to relevant legal files with a bunch of seized domains & other interesting details (via Health ISAC)

noticeofpleadings.com/RaccoonO365/
September 16, 2025 at 10:37 PM
APT or Another Phishing Training?

Seqrite reported an attack on the Kazakhstani oil company KazMunayGas attributed to a new group NoisyBear www.seqrite.com/blog/operati...

Yet the company later argued that this was a simulated attack orda.kz/planovoe-mer...

This looks plausible:

1/2
September 6, 2025 at 3:27 PM
defense.gov now redirects to war.gov, but the page won't load at the moment
September 5, 2025 at 8:37 PM