Episodes

  • Wartime Strategic Communication in Ukraine
    2025/06/04

    This episode covers a new FOI report that offers an empirically grounded analysis of Ukrainian strategic communication during the 2023–2024 phase of the Russo-Ukrainian war, aiming to identify general lessons for wartime communication in democratic states. It examines the evolution of Ukraine's communication efforts, from initial formalisation to adapting under chaotic invasion conditions.

    It highlights challenges like war fatigue, information vacuums, and the struggle to maintain global attention.

    The report also explores Russian information manipulation tactics (dismiss, distort, distract, dismay, divide) and Ukraine's use of offensive communication. It concludes that effective strategic communication is a critical tool but not a standalone solution to war, and that it requires agility, transparency, and a nuanced understanding of diverse audiences and evolving information environments.

    Link: https://www.foi.se/rapportsammanfattning?reportNo=FOI-R--5758--SE

    22 min
  • Laundry Bear
    2025/06/01

    This episode details a joint report from Dutch intelligence services, the AIVD and MIVD, that reveals the identification of a new, likely Russian state-supported cyber threat actor named LAUNDRY BEAR, also tracked by Microsoft as Void Blizzard. This group has been targeting Western government organizations and defense-related entities since 2024 through relatively simple, yet effective, methods including exploiting valid accounts and password spraying to access email and retrieve sensitive data, demonstrating a high success rate in espionage activities. The report also provides technical details on LAUNDRY BEAR's tactics and offers a range of mitigation strategies to enhance organizational resilience against these threats.

    6 min
  • Meta First Quarter Adversarial Threat Report
    2025/05/31

    This episode details the findings of an investigation into coordinated inauthentic behavior (CIB) networks by Meta. Its first-quarter 2025 Adversarial Threat Report focused on operations originating in China, Iran, and Romania, which used fake accounts across multiple online platforms. Each network targeted specific regions with content designed to manipulate public discourse, often reposting news and current events. The report outlines the tactics and threat indicators associated with these operations, including the acquisition of accounts and strategies for disguising their identities and engaging with audiences. Ultimately, these networks were disrupted before they could establish a significant presence.

    14 min
  • Weekly cyber security update (522)
    2025/05/30

    This episode delves into the landscape of hybrid threats as seen in the CERT-SE report for week 22, 2025, highlighting how cyber operations are now a central tool in this complex domain where peace and conflict blur. The report provides a snapshot of national and international cyber incidents and trends. Several key themes emerged, including persistent state-sponsored activity, the vulnerability of critical national infrastructure, the evolving tactics of cybercriminals, and ongoing efforts to bolster cyber defenses.

    18 min
  • Joint cybersecurity advisory: Russian GRU targeting Western logistics entities and technology companies
    2025/05/27

    In this episode we're diving into a joint cybersecurity advisory highlighting a significant state-sponsored cyber campaign. This report comes from multiple international cybersecurity agencies, including the United States NSA, FBI, and CISA, the UK's NCSC, and agencies from Germany, the Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France, and the Netherlands. The advisory details a campaign conducted by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), specifically military unit 26165. This unit, known in the cybersecurity community by names like APT28 and Fancy Bear, has been targeting Western logistics entities and technology companies since 2022. The campaign is described as cyber espionage-oriented and has targeted entities involved in the coordination, transport, and delivery of foreign assistance to Ukraine. It utilizes a mix of previously known tactics, techniques, and procedures and is likely connected to wide-scale targeting of IP cameras in Ukraine and bordering NATO nations, potentially to track aid shipments. This elevated risk of targeting means executives and network defenders in these sectors should increase monitoring and strengthen network defenses.

    20 min
  • Dear Compatriots: Russia's Influence Machine
    2025/05/27

    Dive into the world of hybrid threats with our latest episode, uncovering the hidden operations of a state-backed foundation advancing the Kremlin's agenda abroad. Based on tens of thousands of internal emails obtained by journalists, this report reveals how "Pravfond," the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad, operates under the banner of providing legal aid to Russians in trouble overseas. The investigation shows that for years, Pravfond has funded the legal defense of alleged spies, criminals, and propagandists, while also backing propaganda outlets and working closely with intelligence operatives. This includes supporting individuals accused of anti-state activities against countries like Latvia and Lithuania, funding pro-Russian narratives, and establishing networks of influence. The sources highlight how Pravfond views Russians abroad as a significant force and seeks to turn them into agents of the Kremlin. Despite being sanctioned by the European Union in 2023, Pravfond has continued to issue grants and fund recipients in EU countries. Discover the various tactics used to circumvent sanctions, such as transferring money through third parties or carrying cash across borders, and how this foundation serves as an instrument for Russian influence operations, often under the guise of defending human rights. Join us as we explore this deep dive into a complex influence machine and its efforts to exploit the trusting nature of liberal societies.

    Source: https://www.occrp.org/en/project/dear-compatriots

    17 min
  • Defense Intelligence Agency’s 2025 Worldwide Threat Assessment
    2025/05/27

    In this episode, we delve into the Defense Intelligence Agency’s 2025 Worldwide Threat Assessment, presented by Director Jeffrey Kruse. The report describes a rapidly changing and increasingly complex global security environment. We explore how national security threats are expanding, significantly driven by advancements in artificial intelligence, biotechnology, quantum sciences, microelectronics, space, cyber, and unmanned systems. The assessment highlights the deepening cooperation among U.S. competitors and adversaries such as China, Russia, Iran, and North Korea. This collaboration involves supporting one another in regional conflicts, efforts to evade sanctions, and taking steps to pressure the West, often through bilateral channels. Russia, in particular, is noted for employing asymmetric capabilities, including cyber and information campaigns, against the United States and its allies. We also look at how transnational criminal organizations and terrorist groups are exploiting geostrategic conditions, migration flows, and advanced technology to evade authorities and target U.S. interests and the Homeland. The report underscores how advanced technology facilitates foreign intelligence threats and alters the very nature of conflict. Join us as we break down the key insights from this crucial assessment detailing current threats and future trends we must address.

    13 min
  • Weekly cyber security update (521)
    2025/05/24

    Weekly cyber security update based on the weekly CERT-SE newsletter and link aggregator.


    This week we dive into major international crackdowns on cybercrime, including Operation ENDGAME's latest strike against ransomware infrastructure and the disruption of the Lumma infostealer. We cover the relentless wave of attacks hitting critical sectors like legal aid, food supply, and energy, alongside new reports on the devastating impact of ransomware on healthcare and industrial systems. Plus, get insights into emerging threats like the Skitnet malware, fake CAPTCHA scams, and the growing cyber risks in space. We'll also share crucial guidance on decommissioning assets, securing industrial controls, and the latest alerts from CERT-SE.


    The original CERT-SE newsletter can be found here: https://cert.se/2025/05/cert-se-veckobrev-v21.html



    28 min