Brian Carter

Brian Carter is a principal researcher at Cloudflare who brings more than 20 years of experience in intelligence analysis and network defense to the Cloudforce One threat intelligence program. Brian is particularly interested in exploring the crime services that support ransomware such as stolen data, initial access brokers and cryptocurrency laundering.

‍

Talk: The Anomaly of NastyShrew: Unmasking FSB Operations Through Their Own Noise (with Verena Wingerter) [TLP:AMBER-STRICT]

In the complex landscape of Russian cyber operations, Gamaredon (NastyShrew) stands out not for its sophistication, but for its noise. As an FSB-subordinate group broadly targeting Ukraine, their strategy relies on a spray-and-pray approach. But this lack of finesse leaves a massive, exploitable digital footprint.

This presentation will dissect the anatomy of NastyShrew’s high-volume campaigns, focusing on the critical blunders they commit while operating at scale. We will share the story of how Cloudflare's Russia Team, utilizing proprietary traffic data, partnered with researchers across the industry to connect the dots. We will walk the audience through the methodologies used to exploit Gamaredon's mistakes, turning their operational volume into their greatest vulnerability. This talk proves that when defenders reach across corporate boundaries, even the most prolific state actors have nowhere to hide.