Cyberveille, curated by Decio
13 results tagged FSB
Telegram, the FSB, and the Man in the Middle https://istories.media/en/stories/2025/06/10/telegram-fsb/
11/06/2025 16:22:18

The technical infrastructure that underpins Telegram is controlled by a man whose companies have collaborated with Russian intelligence services. An investigation by IStories

Telegram, the wildly popular chat and messaging app, is the pride of the Russian IT industry. According to Pavel Durov, the enigmatic entrepreneur who created the service twelve years ago, it now has over a billion monthly active users around the world.

Among the reasons for this success is Telegram’s reputation for security, coupled with Durov’s image as a free speech champion who has defied multiple governments.

“Unlike some of our competitors, we don’t trade privacy for market share,” he wrote this April. “In its 12-year history, Telegram has never disclosed a single byte of private messages.”

But IStories’ new investigation reveals a critical vulnerability.

When we investigated who controls the infrastructure that keeps Telegram’s billions of messages flowing, we found a man with no public profile but unparalleled access: Vladimir Vedeneev, a 45-year-old network engineer.

Vedeneev owns the company that maintains Telegram’s networking equipment and assigns thousands of its IP addresses. Court documents show that he was granted exclusive access to some of Telegram’s servers and was even empowered to sign contracts on Telegram’s behalf.

There is no evidence that this company has worked with the Russian government or provided any data. But two other closely linked Vedeneev companies — one of which also assigns Telegram IP addresses, and another which did so until 2020 — have had multiple highly sensitive clients tied to the security services. Among their clients is the FSB intelligence agency; a secretive “research computing center” that helped plan the invasion of Ukraine and developed tools to deanonymize internet users; and a flagship state-owned nuclear research laboratory.

“If true, this reporting highlights the dangerous disconnect between what many believe about Telegram’s security and privacy features, and the reality," said John Scott-Railton, a Senior Researcher at The Citizen Lab. "When people don't know what is actually going on, but assume they have metadata privacy, they can unknowingly make risky choices, bringing danger to themselves and the people they’re communicating with. This is doubly true if the Russian government sees them as a threat."

A Ukrainian IT specialist who spoke with IStories on condition of anonymity said that the Russian military has used “man-in-the-middle” type surveillance in his country after capturing network infrastructure.

"You get physical access to the data transmission channel and install your equipment there,” he said. “In such an attack, the hackers aren’t even interested so much in the user's correspondence. They get metadata to analyze. And that means IP addresses, user locations, who exchanges data packets with whom, the kind of data it is… really, all possible information.”

Durov is currently under investigation in France after being arrested last August on charges related to the circulation of illegal content on Telegram. The company has since implemented a number of measures to crack down and step up its collaboration with the authorities. Durov has been released under judicial supervision and is allowed to travel.

He did not reply to requests for comment. Vedeneev spoke with IStories but declined to make any of his comments public.

istories.media 2025 EN Telegram FSB Russia contrctor investigation
NGO warns FSB has gained access to Russians’ communication with Ukrainian Telegram channel bots — Novaya Gazeta Europe https://novayagazeta.eu/articles/2025/06/07/ngo-warns-fsb-has-gained-access-to-russians-communication-with-ukrainian-telegram-channel-bots-en-news
09/06/2025 23:43:53

Russia’s Federal Security Service (FSB) has learned to intercept messages sent by Russians to bots or feedback accounts associated with certain Ukrainian Telegram channels, potentially exposing anyone communicating with such outlets to treason charges, Russian human rights NGO First Department warned on Friday.

Russia’s principal domestic intelligence agency has gained access to correspondence made with Ukrainian Telegram channels including Crimean Wind and Vision Vishnun, according to First Department, which said that the FSB’s hacking of Ukrainian Telegram channels had come about during a 2022 investigation into the Ukrainian intelligence agencies “gathering information that threatens the security of the Russian Federation” via messengers and social networks including Telegram.

The case is being handled by the FSB’s investigative department, though no suspects or defendants have been named in the case, according to First Department.

When the FSB identifies individual Russian citizens who have communicated with or transmitted funds to certain Ukrainian Telegram channels, it contacts the FSB office in their region, which then typically opens a criminal case for treason against the implicated person.

“We know that by the time the defendants in cases of ‘state treason’ are detained, the FSB is already in possession of their correspondence. And the fact that neither defendants nor a lawyer are named in the main case allows the FSB to hide how exactly it goes about gaining access to that correspondence,” First Department said.

novayagazeta EN Russia Telegram FSB intercept
Ransom-War and Russian Political Culture: Trust, Corruption, and Putin's Zero-Sum Sovereignty https://nattothoughts.substack.com/p/ransom-war-conclusion-trust-corruption
02/05/2025 11:55:17

Recent Western government revelations about EvilCorp flesh out how Russian ransomware actors and the Russian government use each other to navigate a world they perceive as dangerous.

Note added April 30 2025:

Originally posted October 16, 2024 in a very different global geopolitical context, this analysis remains relevant today. Subsequent revelations, especially a set of leaked messages from the Black Basta group – a successor to the Conti group – reaffirm the complexity of relations between Russian ransomware actors and security officials. (The Natto Team discussed the value of leaks here). The Black Basta leaks show that group's members as:

Receiving Protection: Black Basta chief “Tramp” – who chose as his moniker the Russian version of the current US president’s name – boasted of receiving high-level help from Russian authorities after Armenian officials arrested him in June 2024.

But Still Vulnerable: Tramp speculated in July 2024 that someone from their circle had snitched on him, “tempted” by the rewards the US State Department has offered for information on Tramp. He also received tipoffs from criminal acquaintances and from “my law enforcement people,” telling him that Russian officials faced international pressure to crack down on Russian cybercriminals: “those who get paid by Interpol here will start making our lives hell.” In September 2024, Black Basta coder “YY” told Tramp that Russian officials had raided YY's home, impounded his car, and “marinated” him in custody for a time.

Under Pressure to Work for the Russian State: In a November 14 2022 chat, “Tramp” said, “I have guys in Lubyanka [FSB headquarters] and the GRU [military intelligence agency] – I have been “feeding” them for a long time. They only want to take people on to work for them. They won’t even talk about [prison] sentences or anything. You can go in to work every day at 8 am and leave at 6 pm, just like in a ‘white’ [legitimate] job.”

Tracking Geopolitics: In May 2024, after Black Basta paralyzed IT systems at US-based Ascension Healthcare, Black Basta ransom negotiator “Tinker” pondered the group's extortion strategy in light of US election-year politics. He mused that, if anyone died as a result of the group’s attack on a healthcare entity – particularly a Christian hospital system like Ascension – US citizens would demand that their government do whatever it took to induce Russia to crack down on the criminals. Tinker speculated that the Joe Biden administration might make serious concessions to Russia, such as reducing military aid to Ukraine, in return for Russia’s cracking down on the criminals.

For the Natto Team’s own assessment of Russian-US “ransomware diplomacy,” see here and here.

It will be interesting to observe how Russian cybercriminals interpret recent developments in US-Russian relations.

nattothoughts EN 2025 Russia leaks Black Black-Basta FSB Tramp
U.S., Microsoft seize over 100 websites allegedly used by Russian spies https://www.nbcnews.com/tech/security/us-microsoft-seize-100-websites-allegedly-used-russian-spies-rcna173784
10/10/2024 22:27:09

The FBI and Microsoft have seized more than 100 web domains they say Russian intelligence used for cyber-espionage, according to court documents unsealed Thursday.

nbcnews EN 2024 FBI domains US Russia spies FSB espionnage
DOJ, Microsoft seize more than 100 domains used by the FSB https://cyberscoop.com/doj-microsoft-fsb-espionage-star-blizzard/
06/10/2024 23:25:09

The simultaneous actions targeted the Star Blizzard espionage operation, which targeted government and civil society around the world.

cyberscoop EN 2024 DOJ Microsoft FSB domains seized
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a
08/12/2023 08:01:26

The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity.

The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cyber National Mission Force (CNMF), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ) assess that Star Blizzard is almost certainly subordinate to the Russian Federal Security Service (FSB) Centre 18.

cisa EN 2023 US Russia FSB Star-Blizzard SEABORGIUM spear-phishing attacks UK
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador https://therecord.media/uk-names-fsb-unit-behind-hack-and-leak-operation
07/12/2023 21:07:59

The British government accused a unit of Russia’s Federal Security Service (FSB) on Thursday of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions in the country.

therecord EN 2023 UK Russia FSB hack-and-leak cyberattacks
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service https://www.justice.gov/usao-edny/pr/justice-department-announces-court-authorized-disruption-snake-malware-network
10/05/2023 10:19:07

“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes.  Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” stated United States Attorney Peace.  “The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”

justice.gov US 2023 EN Operation-MEDUSA Snake Malware Network FBI cyberespionage espionnage PERSEUS Russia FSB
Hunting Russian Intelligence “Snake” Malware https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a
10/05/2023 09:59:47

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.

cisa EN 2023 Snake Malware Russia Intelligence FSB espionnage implant PERSEUS
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company https://zetter.substack.com/p/leaked-pentagon-document-claims-russian
09/04/2023 22:16:55

The document, part of a cache of leaks recently circulated on the internet, suggests the hackers had the ability to cause an explosion and sought instruction from the FSB.

Zetter EN 2023 FSB pipeline Russia hack FSB Zarya
Meet the FSB contractor: 0Day Technologies https://clement-briens.com/2023/04/01/meet-the-fsb-contractor-0day-technologies/
03/04/2023 07:18:41

An investigation into the FSB’s digital surveillance and disinformation contractor

clement-briens EN 2023 FSB Russia investigation disinformation contractor
Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them https://www.direkt36.hu/en/putyin-hekkerei-is-latjak-a-magyar-kulugy-titkait-az-orban-kormany-evek-ota-nem-birja-elharitani-oket/
31/03/2022 14:59:02

On December 30, 2021, in Moscow, Russian Foreign Minister Sergey Lavrov pinned the Order of Friendship on the suit of his Hungarian counterpart Péter Szijjártó. Although the medal was presented by Lavrov, it was Russian President Vladimir Putin himself who decided to award it. Not coincidentally, the medal, which is in the form of a wreath of olive branches encircling a globe and includes the inscription “Peace and Friendship” in Cyrillic on the back, is the highest Russian state decoration that can be awarded to a foreigner.

Direkt36 Hungary EN 2022 Russia cyberattack FSB ministry
The Elite Hackers of the FSB https://interaktiv.br.de/elite-hacker-fsb/en/index.html
18/02/2022 13:16:26

For almost two decades, hackers with Snake have been forcing their way into government networks. They are considered one of the most dangerous hacker groups in the world. Who they work for, though, has always been a matter of pure speculation. But reporters with the German public broadcasters BR and WDR  have discovered some clues, and they all lead to the Russian secret service FSB.

FSB turla hackers osint recherche EN 2022 BR german attribution