The Hybrid Threats Podcast

Author: sebastianbay


Description

An AI-generated podcast focusing on hybrid threats, disinformation and FIMI. We dive into the latest reports and leverage the power of AI to generate new insights and solutions. Curated by Sebastian Bay.
13 Episodes
This episode delves into the weekly cybersecurity update from CERT SE for week 525. Link: https://www.cert.se/2025/06/cert-se-veckobrev-v25.html
This episode covers a new FOI report that offers an empirically grounded analysis of Ukrainian strategic communication during the 2023–2024 phase of the Russo-Ukrainian war, aiming to identify general lessons for wartime communication in democratic states. It examines the evolution of Ukraine's communication efforts, from initial formalisation to adapting under chaotic invasion conditions. It highlights challenges like war fatigue, information vacuums, and the struggle to maintain global attention. The report also explores Russian information manipulation tactics (dismiss, distort, distract, dismay, divide) and Ukraine's use of offensive communication, ultimately concluding that effective strategic communication is a critical tool but not a standalone solution to war, requiring agility, transparency, and a nuanced understanding of diverse audiences and evolving information environments. Link: https://www.foi.se/rapportsammanfattning?reportNo=FOI-R--5758--SE
Laundry Bear

2025-06-01 06:06

This episode details a joint report from Dutch intelligence services, the AIVD and MIVD, that reveals the identification of a new, likely Russian state-supported cyber threat actor named LAUNDRY BEAR, also tracked by Microsoft as Void Blizzard. This group has been targeting Western government organizations and defense-related entities since 2024 through relatively simple, yet effective, methods including exploiting valid accounts and password spraying to access email and retrieve sensitive data, demonstrating a high success rate in espionage activities. The report also provides technical details on LAUNDRY BEAR's tactics and offers a range of mitigation strategies to enhance organizational resilience against these threats.
This episode details the findings of an investigation into coordinated inauthentic behavior (CIB) networks by Meta. Their First Quarter (-25) Adversarial Threat Report focused on operations originating in China, Iran, and Romania, which used fake accounts across multiple online platforms. Each network targeted specific regions with content designed to manipulate public discourse, often reposting news and current events. The report outlines the tactics and threat indicators associated with these operations, including the acquisition of accounts and strategies for disguising their identities and engaging with audiences. Ultimately, these networks were disrupted before they could establish a significant presence.
This episode delves into the landscape of hybrid threats as seen in the CERT-SE report for week 22, 2025, highlighting how cyber operations are now a central tool in this complex domain where peace and conflict blur. The report provides a snapshot of national and international cyber incidents and trends. Several key themes emerged, including persistent state-sponsored activity, the vulnerability of critical national infrastructure, the evolving tactics of cybercriminals, and ongoing efforts to bolster cyber defenses.
In this episode we're diving into a joint cybersecurity advisory highlighting a significant state-sponsored cyber campaign. This report comes from multiple international cybersecurity agencies, including the United States NSA, FBI, and CISA, the UK's NCSC, and agencies from Germany, the Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France, and the Netherlands. The advisory details a campaign conducted by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), specifically military unit 26165. This unit, known in the cybersecurity community by names like APT28 and Fancy Bear, has been targeting Western logistics entities and technology companies since 2022. The campaign is described as cyber espionage-oriented and has targeted entities involved in the coordination, transport, and delivery of foreign assistance to Ukraine. It utilizes a mix of previously known tactics, techniques, and procedures and is likely connected to wide-scale targeting of IP cameras in Ukraine and bordering NATO nations, potentially to track aid shipments. This elevated risk of targeting means executives and network defenders in these sectors should increase monitoring and strengthen network defenses.
Dive into the world of hybrid threats with our latest episode, uncovering the hidden operations of a state-backed foundation advancing the Kremlin's agenda abroad. Based on tens of thousands of internal emails obtained by journalists, this report reveals how "Pravfond," the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad, operates under the banner of providing legal aid to Russians in trouble overseas. The investigation shows that for years, Pravfond has funded the legal defense of alleged spies, criminals, and propagandists, while also backing propaganda outlets and working closely with intelligence operatives. This includes supporting individuals accused of anti-state activities against countries like Latvia and Lithuania, funding pro-Russian narratives, and establishing networks of influence. The sources highlight how Pravfond views Russians abroad as a significant force and seeks to turn them into agents of the Kremlin. Despite being sanctioned by the European Union in 2023, Pravfond has continued to issue grants and fund recipients in EU countries. Discover the various tactics used to circumvent sanctions, such as transferring money through third parties or carrying cash across borders, and how this foundation serves as an instrument for Russian influence operations, often under the guise of defending human rights. Join us as we explore this deep dive into a complex influence machine and its efforts to exploit the trusting nature of liberal societies. Source: https://www.occrp.org/en/project/dear-compatriots
In this episode, we delve into the Defense Intelligence Agency’s 2025 Worldwide Threat Assessment, presented by Director Jeffrey Kruse. The report describes a rapidly changing and increasingly complex global security environment. We explore how national security threats are expanding, significantly driven by advancements in artificial intelligence, biotechnology, quantum sciences, microelectronics, space, cyber, and unmanned systems. The assessment highlights the deepening cooperation among U.S. competitors and adversaries such as China, Russia, Iran, and North Korea. This collaboration involves supporting one another in regional conflicts, efforts to evade sanctions, and taking steps to pressure the West, often through bilateral channels. Russia, in particular, is noted for employing asymmetric capabilities, including cyber and information campaigns, against the United States and its allies. We also look at how transnational criminal organizations and terrorist groups are exploiting geostrategic conditions, migration flows, and advanced technology to evade authorities and target U.S. interests and the Homeland. The report underscores how advanced technology facilitates foreign intelligence threats and alters the very nature of conflict. Join us as we break down the key insights from this crucial assessment detailing current threats and future trends we must address.
Weekly cyber security update based on the weekly CERT-SE newsletter and link aggregator. This week we dive into major international crackdowns on cybercrime, including Operation ENDGAME's latest strike against ransomware infrastructure and the disruption of the Lumma infostealer. We cover the relentless wave of attacks hitting critical sectors like legal aid, food supply, and energy, alongside new reports on the devastating impact of ransomware on healthcare and industrial systems. Plus, get insights into emerging threats like the Skitnet malware, fake CAPTCHA scams, and the growing cyber risks in space. We'll also share crucial guidance on decommissioning assets, securing industrial controls, and the latest alerts from CERT-SE. The original CERT-SE newsletter can be found here: https://cert.se/2025/05/cert-se-veckobrev-v21.html
In this episode, we're cracking open "Hacking Minds and Machines," a key report from the EU Institute for Security Studies. This paper tackles the critical threat of foreign interference in the digital era. It explores how foreign actors use a combination of tactics like information manipulation and cyberattacks, targeting everything from our social media feeds to critical infrastructure systems. The report dives into specific examples across various sectors, including the political, social, economic, digital, and international security domains, highlighting the connected nature of these threats and discussing how to build resilience. Stay tuned as we unpack some of the report's findings.
In this episode, we're going to discuss a new report from the NATO Strategic Communications Centre of Excellence titled "Impact of the Digital Services Act: A Facebook Case Study". This research set out to measure how the European Union's Digital Services Act, which aims to create a safer online space, has affected the spread of harmful content on Facebook. The study specifically looked at posts from Polish and Lithuanian accounts, comparing content published in 2023 before the DSA's rules applied to large platforms, and content from 2024 after the rules were in effect. The findings offer some critical insights: overall, the study found a notable increase in the total number of harmful posts, particularly in Polish content, although patterns varied by language. Hate speech was identified as the most prevalent type of harmful content, making up over 90% of violations in both years and showing significant growth. Interestingly, while the report found that Facebook increased its efforts in fact-checking content, the rate at which harmful posts were actually removed declined, a trend that was particularly pronounced for content in the Lithuanian language. Join us as we delve into these results, discuss what they reveal about the early impact of the DSA, and explore the ongoing challenges platforms face in managing harmful online content.
Unpowering Russia

2025-05-23 18:05

This episode explores the analysis presented in Chaillot Paper 186, "Unpowering Russia," edited by Ondrej Ditrych and Steven Everts. The paper argues that the European Union needs to adopt a more assertive stance against the Kremlin's tactics, going beyond resilience and deterrence to actively diminish Russia's capacity to undermine European unity and challenge its core interests. The discussion covers Russia's global footprint, examining its activities and vulnerabilities in regions such as China, the Indo-Pacific, the Southern Mediterranean, the Western Balkans, and Sub-Saharan Africa. It also delves into critical domains including Russia's hybrid warfare tactics, its use of the "red line playbook" of escalation threats, and the challenges posed by its "shadow fleet". The paper offers insights into Russia's strengths and weaknesses and proposes concrete ways the EU can leverage its own capabilities to counter Moscow's influence.
Dive deep into the world of Kremlin-led information influence operations with insights from a groundbreaking report by Lund University and the Psychological Defence Agency. This episode explores the capabilities of the Russian Social Design Agency (SDA), the entity behind the infamous 'Doppelgänger campaign'. Learn how SDA, described as one of the largest and most persistent Russia-based operations, uses a blend of digital tactics including cloning legitimate websites to spread disinformation and amplifying content through fake personas and paid ads. Drawing on over 3,100 leaked documents and technical reports, this analysis goes "Beyond Operation Doppelgänger" to reveal a sophisticated Kremlin ecosystem of well-resourced private sector and non-commercial organizations. Discover how SDA functions as a "content factory" churning out articles, memes, fakes, and more at an industrial scale, aiming not just to misinform but to reshape perceptions, "augment reality," and destabilize adversaries from within. The report also examines how SDA leveraged its exposure, turning notoriety into an opportunity to secure more resources, and discusses its strategies targeting Europe, Ukraine, and the US, including efforts in electoral manipulation. Gain a deeper understanding of the strategic and operational components of this adaptable, albeit sometimes flawed, organization.