Andy Greenberg

@a_greenberg

Writer for WIRED. Author of SANDWORM: A new era of cyberwar and the hunt for the Kremlin's most dangerous hackers. agreenberg@wired.com Signal: +1 347-560-4260

New York
Joined April 2007

Tweets

  1. Pinned Tweet

    Three years ago I learned of a group of hackers hitting Ukraine with relentless, disruptive cyberattacks—with effects that would soon spread globally. Today, my book that tells the story of that first true cyberwar is out: SANDWORM. I hope you'll read it.

  2. I know everyone else read it a year ago, but I'm approaching the end of "Say Nothing" by and haven't felt this reluctant to finish a book in a long time. Any recommendations of another nonfiction book that is this perfectly reported/written and so compelling?

  3. After 18 months, Intel is still trying to fix a security flaw in its chips known as MDS or "ZombieLoad"—now with a THIRD patch to cover yet another variant of the attack. Researchers point out they told Intel about the second & third variants a year ago.🤔

  4. "Until Russia recommits to a rules-based international order, Western nations are in jeopardy. Ukraine is the front line."

  5. Sec of State Pompeo asked "Do you think Americans care about Ukraine?" Sec of State Tillerson asked in 2017 "Why should American taxpayers be interested in Ukraine?" The Trump White House has now made pretty clear: It doesn't care about Ukraine.

  6. At the first hacking contest to focus on industrial control systems, hackers demonstrated at least one zero-day in all eight software targets. Which, considering the power grids, refineries and factories this code controls, is a little disturbing.

  7. Retweeted

    The privacy paranoid among us have long worried that all of our online photos would be scraped to create a universal face recognition app. My friends, it happened and it’s here:

  8. Retweeted
    Jan 17

    I know big architectural changes like that take a while in the automotive space, but I was hoping to see some change after our research was presented 5 years ago. Architecture looks identical between 2014 and 2020 model.

  9. Retweeted
    Jan 17

    You may recall me and hacked a 2014 Jeep Cherokee. We chose that car because it had no gateway module between the telematics module and the modules with physical controls. I just looked at the 2020 model, there is still no gateway module.

  10. Really appreciate how has chosen to promote the book talk I'm giving there in April:

  11. Next week I'll be talking about SANDWORM on stage with at S4, a conference I've always wanted to attend. If you're there, come say hi!

  12. Bulgarian investigative site Bivol digs in here on the hosting providers used by Sandworm/GRU in its hacking operations that include targeting the 2018 Olympics, the 2017 French election, the Ukrainian power grid, and NotPetya:

  13. To be clear, I'm not arguing that this *wasn't* GRU. They're by far the most likely suspect. But for a story this politically fraught, the certainty of attribution really, really matters.

  14. "Moderate confidence" is not the kind of certainty the Times story conveys. But to be fair we don't know what else , who seems to be the Times' main source on this, might have. (I don't see much more in their report here: )

  15. ThreatConnect's has a thread here on his own analysis of the domains used in this phishing campaign. They concluded with only "moderate confidence" that this was APT28/Fancy Bear (i.e. GRU)

  16. It would be good to see some more evidence of the GRU’s fingerprints on this. But given the political value of Burisma as a hack-and-leak target and Russia’s national pastime of penetrating Ukrainian networks, nothing in the world would make more sense.

  17. Facebook gave a talk at , and the big takeaway is its grand mission to end-to-end encrypt all messaging by default (particularly for Facebook Messenger's billion-plus users) faces huge technical challenges and is still multiple years away.

  18. For those anticipating Iranian cyberattacks, another nugget from Dragos: Iranian hackers APT33 have been probing US electric utilities and oil/gas firms with "password spraying" attacks for the last year, and a related group has been trying VPN exploits.

  19. Retweeted

    Saudi Arabia discovered new destructive malware with Iranian fingerprints on the same day that the U.S. killed Soleimani.

  20. Retweeted
    Jan 7

    We do not have to accept that the US must respond. We have agency- we must insist that our country de-escalate.

  21. Retweeted
    Jan 5

    Some coalescing thoughts on Iran's cyber capability. The first is that while cyberattack (disruption/destruction) is on the table, the most consequential capability may be cyber espionage. There will be cyber espionage against gov/mil targets as well as personnel of interest. 1/x

