Sign in / up

back to article Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency

Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics – including a penchant for using a naughtily named email provider. APT29* is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    That domain name may actually be a Swiss joke..

    In Swiss German, "li" is appended to indicate "little", so "Tram" would be "Tramli" for a small one (not a very good example, but I haven't dealt with Swiss German for a while).

    This could suggest cock.li is a covert joke about its users :).

    8 0 Reply
    1. Irony Deficient
      Reply Icon

      Re: That domain name may actually be a Swiss joke …

      The -li suffix indicates a diminutive, and might be more familiar in English through Müesli (the diminutive of Mues, “mush”). The analogous suffix in Swabian German is -le, e.g. Spätzle.

      6 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: That domain name may actually be a Swiss joke …

        The relentlessly efficient* Austrian scientists have managed to reduce this to a lonely -l, often while lopping off great chunks of the original word. Along with -i, and coming from a High German background, this often feels like one is talking with a child, eg."Wir gehen Berg aufi mit dem Säckl" would roughly translate as "We go uppy the mountain with the sacky".

        Fabulous beer, mind.

        *compulsory phrase when talking about any Germanic countries.

        4 0 Reply
        1. sad_loser
          Reply Icon

          Re: That domain name may actually be a Swiss joke …

          Should have used

          trashbat.co.uk

          1 0 Reply
  2. Neil Barnes Silver badge

    the unpronounceable Yttrium

    Mid seventies prog rock group, I thought?

    6 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: the unpronounceable Yttrium

      Element-ary, my dear Watson.

      12 0 Reply
      1. David 132 Silver badge
        Reply Icon
        Coat

        Re: the unpronounceable Yttrium

        I believe it was Jo Brand who told the joke years ago about Watson walking into 221b Baker St, to find Holmes on his hands and knees attempting to push a small yellow citrus fruit up his posterior.

        "My God, Holmes! What are you doing?"

        "Lemon entry, my dear Watson."

        8 0 Reply
    2. TimMaher Silver badge
      Reply Icon
      Facepalm

      Re: the unpronounceable Yttrium

      Oh.... and I thought it was a very rare .0 sec. mineral in Eve Online.

      0 1 Reply
  3. _LC_
    Megaphone

    "says US CISA infosec agency"

    Joseph Goebbels:

    "Eine Lüge muss nur oft genug wiederholt werden. Dann wird sie geglaubt."

    /

    "A lie only has to be repeated often enough. Then it will be believed."

    Being watching those repetitions for ages now. Our weekly/daily turd drop us now, dear intelligence services (=mobsters).

    1 10 Reply
    1. Pascal Monett Silver badge
      Reply Icon

      Re: "says US CISA infosec agency"

      So that's where Trump got his communication policy from.

      Now I understand better.

      3 3 Reply
  4. wolfetone Silver badge
    Coat

    Here's what US CISA do when they break in to your network

    They blame the Russians.

    7 2 Reply
    1. _LC_
      Reply Icon
      Headmaster

      Re: Here's what US CISA do when they break in to your network

      Technically, is it really “breaking in” though, when they can simply open the (back)door? ;-(

      3 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Here's what US CISA do when they break in to your network

        Normally our mail server only gets a login attempt every couple of minutes but occasionally I see more than 40,000 attempts in a day. The majority appear to be coming from Russia but we're far more concerned about just blocking them than tracking them.

        2 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: They blame the Russians.

      who blame the Americans, lol.

      2 0 Reply
      1. wolfetone Silver badge
        Reply Icon

        Re: They blame the Russians.

        And GCHQ is just laughing at the lot of them.

        2 0 Reply
  5. yogidude

    Low and slow

    Botnets are still ubiquitous if my web logs are anything to go by. You know they are part of the same botnet because even though one failure is from Brasil and another from France and yet another from Ukraine etc, they all cause the exact same number of failed logins in a 24h period.

    Hint to SVR: try to introduce some randomisation with your low and slow.

    4 0 Reply
  6. David Shaw

    but when I registered my first .li domain

    a few years ago I was immediately (within around 3-hours of registering) telephoned by a rather angry spook from #### who asked WTF I was up-to?

    And they didn't ask me in Russian

    I hope I didn't give anyone any ideas, my Lichtenstein based site (down at present for hosting change) http://###.li/ is Russian for "bowling ball"/"skittles", and isn't "hyi" in any way shape or form

    weird stuff on the interwebs nowadays

    3 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: but when I registered my first .li domain

      I registered a .li domain exactly because of the diminutive effect "li" has in Swiss German, I was at the time in Switzerland.

      The result is that I have a very short email address, but it sometimes takes a while to spell it to end users who are still as yet unaware of country suffixes like .ch, .de and - as discussed - .li. Yes, we've only been using this Internet thingy for a couple of decades. Ooh look: paper and ballpoints, yes, you can put away that quill now! Sorry, digressing slightly.

      It also has the fun property of two characters next to each other which could be an L, an I or a one (1), which allows for some entertainment while using a sans serif font. Sometimes I like to set up dormant abilities to confuse things, just in case :).

      2 0 Reply
    2. Alan Brown Silver badge
      Reply Icon

      Re: but when I registered my first .li domain

      time to register johnson.li

      1 1 Reply
  7. Santa from Exeter

    Modus Operandi

    Looks to me like the FBI just released their Modus Operandi by mistake.

    Oh well, blame it on the Chinese, sorry, Russians.

    Remind me, is it Eastasia ot Eurasia today?

    3 4 Reply
  8. Potemkine! Silver badge

    Counterpart

    Is there any article in the russian-controlled media explaining how the CIA/NSA/GCHQ/Whatever attacks russian targets?

    We see many articles explaining Russia is attacking us (and I clearly believe it does), but are there some reciprocal ones?

    1 0 Reply
    1. diodesign (Written by Reg staff) Silver badge
      Reply Icon

      Re: Counterpart

      We're not Russian media but this right here is perhaps what it may look like -- coverage of 5EYES piling into Russia.

      And here. And pretty much everything written about Edward Snowden and the CIA Wikileaks materials.

      C.

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like