Principal Analyst Cyber Espionage Team at Mandiant (Google)
Dan Black is a Principal Analyst on the Cyber Espionage team at Google’s Mandiant, where he specializes in analysis of Russia's cyber program and the broader dynamics of competition and conflict in cyberspace. Dan was previously the Deputy Head and Principal Analyst in NATO’s Cyber Threat Analysis Branch. He is also a Millennium Fellow with the Atlantic Council. Dan holds master’s degrees in international relations from Harvard University and in forensic anthropology from the University of Toronto.
Since February 2022, Mandiant has tracked and responded to GRU wiper operations. Though much has changed since the onset of the war, the GRU has remained relatively consistent in its use of wiper operations in support of Russia’s overall warfighting effort. From its high-level approach to its tooling decisions and hands-on-keyboard activity, we have observed a common set of behaviours across its operations that enable both access and action. Though the GRU does appear to adapt to wartime circumstances, shifting its targeting in line with evolving priorities, it continues to execute wiper attacks in the same pattern. As a result, we seek to imagine a GRU playbook: one that spans both the strategic and technical components of operations and that has been used to enable fast-paced, quick-turnaround operations since the onset of the war. Through specific examples of cases where we’ve seen tried-and-true GRU patterns in action, we hope to provide insight into what wartime operations look like in support of Russian information confrontation in Ukraine.