[HN Gopher] The GRU's Disruptive Playbook
       ___________________________________________________________________
        
       The GRU's Disruptive Playbook
        
       Author : anigbrowl
       Score  : 54 points
       Date   : 2023-10-12 17:13 UTC (3 hours ago)
        
 (HTM) web link (www.mandiant.com)
 (TXT) w3m dump (www.mandiant.com)
        
       | denton-scratch wrote:
       | I skimmed this.
       | 
       | I had to look up "wiper".
       | 
       | TL;DR the GRU first find a vulnerability, and break in; then they
       | consolidate their bridgehead; then they create havoc, either by
       | destroying static data, or by sending bogus information using
       | bogus personas.
       | 
       | This doesn't sound like something I didn't already know.
        
       | vanderZwan wrote:
       | > _Going for the GPO: Creating persistent, privileged access from
       | which wipers can be deployed via group policy objects (GPO) using
       | a tried-and-true PowerShell script._
       | 
       | So they specifically target Windows machines only? Or is that
       | just the biggest attack vector and therefore easiest to do
       | repeatedly?
        
       ___________________________________________________________________
       (page generated 2023-10-12 21:01 UTC)