Rachael Tyrell: 0:00

They just did not look like a typical hack to it. Hello and welcome to episode one, season two of your cyber threat intelligence podcast. Whether you're a seasoned CTI expert, a cybersecurity professional, or simply curious about the digital battlefield, our expert guests and hosts will break down complex topics into actionable insights. On this episode of season two, our host Pedro Kirchman will chat with Anastasia Sentova, who is a threat intelligence analyst specializing in cybercrime investigations across the Eurasian region, leveraging Russian language skills, deep regional, cultural, and geopolitical expertise. Her work focuses on state and non-state threat actors, ransomware and ATT ecosystems, dark web and OSINT investigations, and blockchain forensics. She is the author of multiple research publications on cybercrime, influence operations, and illicit financial activity. Over to you, Pedro.

SPEAKER_02: 1:01

Hi Pedro, I'm so excited to be here today. Thank you so much for inviting me.

Pedro Kertzman: 1:06

First episode of season two. And now we have many options for the guests to choose if they prefer to talk about the cyber side of CTI, threats, or intelligence. And of course, as you mentioned, we're gonna focus today on your research that is deeply rooted on the intelligence aspect. But really, it's such a deep, complex research that I'm sure we're gonna touch many other aspects within the CTI spectrum. And quickly for the listeners, before we jump right in, you can check our menu options on the LinkedIn page, Cyber Threat Intelligence Podcast. So Anastasia, mind-blowing research. And I love the way you put like the fine line or the razor thin line, how to do the attribution, how can you say if something state sponsored, influenced? Can we maybe start there? What are the signals that you see that will be the evidence for you to say it's sponsored, influenced, led, run, so on and so forth?

SPEAKER_02: 2:12

Yeah, thank you so much for all of your compliments from our work.

SPEAKER_01: 2:15

But before uh kind of just talking about technicalities, so the first thing that I probably learned a long time ago when I started investigating cybercrime is how complex is it? It is especially applicable to Russian-speaking cybercrime. When we are talking about the topic that I was trying to investigate, a potential involvement and what is the influence of a Russian government on Russian-speaking cybercrime, in particular, a couple of things that I was talking about is activism and ransomware. This is where it gets interesting. Again, it is it is complex. There is a couple of things that I tried to bring into my research, and kind of just a couple of aspects and a couple of like a basis that I was building on, all of my kind of just theories and things that I was trying to use in support of that. But I would like to actually uh start, go back a little bit in time and talk about the actual time when I was started actively thinking about it. Not that the thought of a potential involvement of government, of the state in the cybercrime wasn't in my head. It was the whole time, just knowing how things work in Russia, it was just almost unavoidable of not existing in such important areas as cybercrime. But going back in time in February 2022, when the full-scale invasion of Ukraine took place, and we also that search of numerous activist groups, they're all different in their alignment. There were pro-Russians, pro-Ukrainians. Over time, we also got different kinds of, but they're all being aligned with a particular state, right? Although those activist groups existed well before February 2022, it wasn't the first time when we saw them, right? But there was definitely something special that I noticed about them. They just did not look like a typical hacktivist. And when I'm talking about the typical hacktivist groups, and this is probably one of the questions that I'm being asked a lot, like what is it exactly that kind of just triggered that suspicion? And what is it exactly that was different about them? The first thing that was different, this again, this is a sudden surge of so many groups. What I noticed pretty quickly is their high level of coordination. So, and that was evident in their activity and the amount of posts that they were making, and not just that. That immediately, of course, made me think that yes, there is a definitely large organized membership network. It's just impossible for, let's say, we have it in a typical activist group, having a relatively small group, usually how it worked in activist groups. Like three to five people, or maybe a little more than that, would come together and they would engage in these like hacktivist activities, like it was historically. When it comes to these modern hacktivist-like groups, they did not look like that. High level of coordination, evident from the beginning, it was evident that it comprised of large organized membership networks. And what's more important, their operations were mirroring or even sometimes directly supporting state objectives. And that, of course, was evident at the start of the full-scale invasion of Ukraine. There were a lot of posts that would talk about specifically Alicia conflicts that had been happening on the ground. So here is your informational part, and here is the actual difference that they've been trying to make through these DDoS attacks, attempting to make a harm in the digital space, right? So that was interesting to see, and there were a lot of groups. I remember one of the first ones was a kill net, and when I saw them, that was one of the groups that I started investigating immediately. And also after some time, as many other groups were emerging, they were all acting pretty much the same. So that their objectives, the DDoS attacks, for example, were on the menu for pretty much the majority of them. So that made me think, kind of just wanting to look more into that. Of course, when we're talking about the potential state involvement, we have to be careful. Like we have to be careful with any attribution that we're doing. Whether we're talking about ransomware, whether we're talking about activism or apt groups, especially when it comes to, we have to be careful, just in general, like in our day-to-day threat intelligence CDI work, when we're talking about attribution, we have to be careful. And we definitely we can't just just throw words out there and say, oh, this and that. There is a different types of attribution, right? Sometimes you're trying to understand who are those actors behind it, either Russian speaking, what is the state that they're coming from, at least understand the language is and an approximate territory where they are operating. When it comes to the state, this is where things get even more harder, and your responsibility as an analyst gets even more important. So I started thinking and I started analyzing things by bringing all also my expertise in geopolitics, and this is something that I also learned early in the days when I started investigating cybercrime, that it doesn't exist in a vacuum. It's not just you know this little bubble that exists somewhere on the dark web, like it's believed to be like some some sort of like a separate living organism. It is not, it is not, especially when we're talking about Russian speakers speaking cybercrime. It is so complex and with so so many. First of all, it's not static, it's changing, and there is an outside and also inside events that are happening that are shaping and forming Russian-speaking cybercrime. So at the first thing, of course, is that it's not just it's it's not it's not so we're calling Russian-speaking cybercrime, Russian speaking for a reason. So we're not calling it Russian cybercrime, right? Uh so there is Russian cybercrime, but when we're talking about Russian-speaking cybercrime, we're essentially talking about all of the former Soviet Union states where the Russian-speaking um individuals um uh largely living uh during the Soviet Union time, of course, and and now they're all Russian-speaking uh uh individuals. Uh and that uh split actually when it was uh when it became really, really evident that there is a separation that exists in Russian speaking cybercrime happened exactly at that moment that I described, February 2022. We saw a split between Russian-speaking individuals who aligned themselves either with Russia or Ukraine, and we saw a lot of the conflicts that have been happening in the underground. Also, um when it comes to ransomware, for example, was a whole war like between actors and but maybe it's a separate topic for a different conversation. But uh what we but it doesn't matter, it doesn't matter what actually what what language actually actors speak these days, especially. But in my opinion, what's more important and who they are aligning themselves with. And this is where all of the things that you asked, Pedra, what is the how do we recognize that? What what are the what are the signs? Like what are the what is it that we can judge by and what is it that we can include and bring to our analysis? So and this is where where where it gets interesting. So one of the things also when that I noticed when I started to investigate them, it's a language, it's a language, it's a particular language. And with me of being of Russian origin, I understand they speak language, I'm a native speaker, but also I understand how things work in Russian. And what I noticed immediately is it wasn't it wasn't a typical person, if I can put it this way, it wasn't just a typical regular Russian citizen who they wouldn't talk this way. Like there's just there is no way. Like, and this is something that I noticed immediately. And uh and if I would describe this language, uh if we would if I would attempt to describe describe this language, uh it's a state language, basically. It's a state language that uh is very prevalent, especially over the past uh three years of uh uh starting the full-scale uh invasion and a conflict. But that language did not just uh appear like three years ago. So that was the process of militarization that I was talking extensively about in my research. And that militarization it did not start three years ago either. So that started well way, way back. So uh and when we're talking about Russia, about modern Russia, of course we're talking about Putin's era, right? And he's been president since 2000, what is it, like 25 years now? And there is a particular uh way of how things are being done in Russia, what laws uh he uh are being proposed to and pushed on people, uh but a lot of it, a lot of it revolves uh around this militarization. So uh and a couple of things that I brought into into my investigation and the way I tried to correlate things was first of all domestic landscape, right? Domestic landscape is is important is is important. So this is something that I'm trying to bring to investigation of cybercrime in general, because when we're talking about cybercrime and cybercriminals, those are people, right? And I feel like a lot of a lot of times this what I think is actually one of the main components of talking about people, of who they are, understanding what their motivations is is is so important, but I feel like oftentimes being just overlooked. And but this is something I definitely love doing. I published a lot of stories about cyber criminals after they've been indicted, kind of just telling stories, digging deeper and understanding who they are, where they're coming from, because this is so important to understand, not just from kind of just the criminology approach, right? Cybercriminology that we're dealing with right now, and understand who are those people behind those crimes, right? And environment and the environment that they're living in is one of the most important things, especially when it comes to Russia. So, and this is where you try to understand, okay, what is the environment that they're living in, and how is it and how it can possibly be affecting their actions and the way they they act. So, and this is where uh Russia's domestic landscape comes to play, and the militarization that I mentioned before, that that has a huge effect on people. It's huge, it's been it's been pushed on people, uh just kind of just in a playful way that I also describe uh in the research, uh uh uh also across the youth, kind of just uh doing all of this fun activity in school, kind of just yeah, onboarding even the youth. So kind of preparing them um from the you know from very early. But also this also comes in forms of the laws and regulations that are being done. This is it's not this is where it's definitely it's in not in a playful way. People are being sent to jail, the freedom of speech is being limited more and more, and this is a part of the domestic landscape. So, and and you would ask, okay, so how is it gonna affect cybercrime? Well, directly. So, first of all, those are people who also are a part of the environment, and they experience in that environment, and they're being affected by that environment, and at the end of the day, what is it that is is it gonna do to them? So, and when it comes to uh Russian cybercrime, evident not just uh for activism, and over time we started learning uh more about a particular people who are associated, a couple of people were uh um uh sanctioned in their uh association and uh involvement in this uh activist group activity, but also it's evident across uh uh um other type of cybercrime such as ransomware, for example. And if I would put it simply uh what I'm uh what I'm observing, the state just tried to uh keep that uh very um I don't know what where exactly to pick, but they're trying to play carefully. So they're trying to what I like to call so basically the state is a hand that can punish the cyber criminal, and they know that, and there have been cases, one of the cases, one of the biggest cases was Reval Ransomware with the arrest of actors that happened in 20 at the beginning of 2022, and that happened after the summit in Geneva, where two of the presidents met personally, and one of the topics of discussions was cybercrime. So we saw that we saw that the state has potential, but at the same time, there is a law of they're not gonna extradite anyone, and um you know, but at the same time, they can as they showed us they can arrest and they can influence and they they're showing them their power. So, but also at the same time, uh, for these people, for cybercriminals who is playing by their internal rules that have been formed over the years, for example, when it comes to ransomware, of not attacking any of Russian entities or even uh former Soviet Union entities, or over time, as we saw and rules started changing of not attacking friendly countries, and then we saw the language even changing to now not attacking BRICS countries. So, you know, we definitely see, and when you're asking, like, oh, is it political? And yes, in my opinion, because if it wouldn't, like there wouldn't be borders, like there wouldn't be uh uh uh no country that wouldn't be basically like no limit, no limit would exist. So it is like it is like from the beginning. Although they're saying that we're not political, no, we definitely see a special evidence in their target preferences. So so yeah, and when you think about uh uh cyber criminals, uh why they engage, why they engage in a particular way, because of course they are afraid of not just the particular relationships that have been formed uh through all of those cases, and there is probably a lot of cases that we don't know about. We don't know if any of those cybercriminals already been in contact in law enforcement, if they've been pressured, or which probably might be the case. But those relationships have been formed a long time ago. But when it comes to the general public, and this is where it gets interesting, because when I was looking at these activist groups and also this couple of actions, especially with the announcement of two individuals related to cyber armor fresh operations. One of them was a woman, Yulia Pankratova, and another one uh was I might be uh pronouncing his last name wrong, but it was his first name was Kirill Dyktierenka. Uh yes, and they've been announced as the ones involved in operations. So that is this is this is the part where where it gets messy because from one side you see this kind of just the simple regular individuals, right? But at the same time, you see all of this support, all of this Russian uh the state language slipping through this high uh organizations, the high level of support, the high level of activity, which is just impossible to be organized on uh very you know by regular people, what I'm trying to say. And this is where you're trying, this is where uh the intersection with the official movements, the one that that I described uh in the research came to came to place. Because my uh essentially my goal, uh one of my goals with this research was to understand how these people are being recruited in the first place, because definitely. those individuals they are in they they're involved it's not just potentially being operated or let let's put it this this safe way heavily influenced by the state so we're not just pointing our fingers and saying that yeah there is like a direct uh correlation but let's call it heavily influencing but uh what what is it exactly and how is it exactly that they're doing again militarization years and years and years and years of brainwashing but also uh one of the things one of the official movements that I was talking about all people of Russia where we clearly see a similar so there are of course there are different operations they do not conduct any of the offensive operations like a DDoS attacks for example but they're pretty similar but they're pretty similar also again with all of the state language slipping through and basically what this all of the all of Russia's people front about in in in in Russian's Narod Front is a Kremlin back civic movement that was launched at in 2011 at what's important at the initiative of Vladimir Putin himself. This is where it gets really interesting because if there is a name of a president of the like a main person in the country it just it just immediately adds all of this weight and all of this approval what's good and what's bad. And by looking at this people would be just automatically those who are voluntarily kind of just approving the regime and everything and those who might be just afraid but still falling under just being afraid but of not being attacked just you know kind of just follow following the order and one of the so besides that it is an official movement it's heavily exists on the ground there is a different awards there's a different events that this uh organization is bringing but what got me interested in particular besides all of this militarization pushing by this particular movement was their existed existence in a digital space and cyber squad is one that I was talking about and was caught my attention I was like oh my god like that is not hacktivist groups again but this is like this is your this is uh like very similar at least to what we observe uh to hacktivist group so cyber squad was launched in April 2023 and they do have they leave on telegram and they do have a couple of things in their ecosystem the first is their channel and it serves more like informational support it calls Russian truth or or pravda in Russian and it basically serves as to have an info informational support to the organization itself and the cyber squad in cyber squad in particular and in addition to that since this is where it got really interesting that they do have a boat. So I as a part of research interacted with the boat I was like okay let me see what is going on there. So and if taken uh shortly without going into details basically volunteers who are deciding to join the boat and deciding to join the cyber squad but their way their main goal is uh basically to support uh Russian informational space support your own and the way that it is being done by amplifying the content that is coming from pro-Russian uh bloggers and channels to expand their reach while simultaneously engaging in moderation identifying reporting uh materials across the telegrams and other platforms for removal and by this unwanted content what they mean is basically anything that is opposing pro-Russia pro-Russia content in materials so and also speaking about the militarization and all of this like militia thematics and everything the way it is being done also also interesting so when you're just joining this a cyber squad bot are immediately being assigned to military rank which which is kind of just I think like it being it being sold to you as in this like a playful way oh like it's oh it's all fun but what's behind it is actually it's it's not fun at all like this is the straight straight up uh brainwashing so the user this military bank immediately so they're assigning you uh the the the the lowest one it's private and then they're they're asking you so they're we're gonna give we're gonna give you link so go to this link report this material so it's gonna be removed also uh and kind of just gamification of all of it you're not just doing it just to do it you're being rewarded and the way that reward people through giving them points through giving them points that they can in the future spend on something some merch or or something else and and these people they're not just existing in a digital space they're physical awards that were this cyber quad cyber squad's members are being awarded they're being given like medals some different some different different kinds of prizes um for that so it is it is very interesting and when we're going back and kind of just the point that I was trying to make and through investigation of these official movements and overall militarization how it affects hacktivism so this is exactly what brings these individuals into hacktivism although which is likely the case they're being heavily influenced again by the state but this is where it starts start to make sense right because when you see all of this environment and all of this kind of just pushing and legitimizing the the this activity among individuals this is where it starts to make sense this is uh when you start understanding like oh okay so they like they're just considering that it is so widely state approved and is being supported they don't see anything anything wrong with that and also when it comes I remember when cyber when the when the announcement of these two people took place of related to cyber army pressure their reaction was very interesting you know when imagine one day you end up like on the sanctions or being indicted list right what would be your reaction like freak out right so what these people didn't stand they celebrated that like they they celebrated that yeah they did multiple posts they they put themselves on this funny posture like a wanted list and they said that we don't care and no action was taken whatsoever from any law enforcement so they even celebrated and and also I think it was a lot of it was also to show example to other people it's like oh don't be afraid like even if something gonna happen to you you're gonna be fine so those people just proceeded what's more important they even started sharing some of the details of their life like so oh I'm I'm here like I'm traveling here or I'm having a baby or I'm getting married or whatever.

Pedro Kertzman: 28:19

So that was interesting to see this is also a signal this is also a signal but it's not just a signal to actually to law enforcement who took action against them but it's more of a signal to the rest of the people inside of Russia or maybe those who are outside of Russia but would decide to join those you know those Halconist groups so this is this is interesting this is where this is this is where all of these small pieces pieces of the puzzle come together and you start to seeing seeing the picture so I'm gonna stop here so just to no but it's uh it it's I I really like the way you put it a lot of uh analysts when they're going to do a report related to any activities they see people is always thinking should I do should I use the words state tolerate or state sponsored state enabled but I love the way they're heavily influenced by the state because it it it makes total sense and the the brainwash part you mentioned I remember also on the article I don't want to say used but there are also the influence of um traditional influencers like artists singers you name it singing actors or whatever other famous people within the region or country and those influencers they help keep that fabricated bubble alive right and uh from like on on the CTI you know from a like CTI analyst standpoint you mentioned a few times the investigating things based on their uh channels the channels they use to communicate like telegram and others any known or that you're able to share pitfalls so people better understand those signals when they see that's uh more subtle that it's not like hard coded or simple to analyze that might be a trap to some CTI analyst that they're not like they don't have all the background that you have understanding the the again the background the subtle things behind that mindset or things that are people talking with that new language you mentioned that doesn't look like a normal you know Russian person but they got this new slangs or way to talk and things like that.

SPEAKER_01: 30:44

Any traps or any suggestions when people are investigating on on those channels so you know the first thing that I want to say and I remember there was a pretty heavy debate debate back in February 2020 2022 the script started emerging and a lot of people were saying oh they're not that like they're just script kiddies and like don't pay attention to them I did not share that of you and I was like no there is something going on and the first thing I would say that we shouldn't although sometimes it just looks like like you know this fluffy animal and like maybe script kiddies but maybe this is exactly the impression that they're trying to make and this is exactly what we observed because from the all of those uh funny guys who are just making jokes and constantly like like you know um doing all of this activity on telegram they're now they're now targeting critical infrastructure these are the well they're the not just not just the scale of their attack increased it's not just the DDoS attacks right now so what we're dealing right now is our breaches uh attempt uh to to mess with critical infrastructures and this is exactly what I'm talking about so don't but also in my opinion as a threat intelligence analyst uh you first of all never underestimate your enemy this is the first thing so but sometimes this is exactly what they're trying to do so and behind that funny mask like there is might be something going on so we definitely should be aware of the of these groups and now it's like it's no longer the the topic of debate so that there's been a lot of researchers they they they themselves changed over time again from all of those being funny and just talkative on telegram now they're targeting critical infrastructure but I think what I like to call them and kind of just if I can give a little like prognosis I don't see them living anywhere I I see them staying and what I like to call them they're they're pretty much new new new new types of AEPT groups so they're the this new phase of this advanced persistence rat that already emerged so they're blurring these traditional lines and of course it's it makes the attribution harder but this is something that we should keep in mind that through this and and again it's not only applies to this activist group something like this I'm only investigating heavily in ransomware so what is the possibility of uh of all of these groups being used and all of this offensive operations being done through their hands you know that that that possibility is itself so they're not they're not gonna go anywhere so they're the a new threat that we're dealing with and they're that they're gonna be that they're gonna be here they're just it it's just it's just too it's just too good it's just too good especially when it comes with potential state involvement and operations you know you're kind of just doing uh things that you want do think that you want to do but you're shifting all of the blame on this you know activist groups or ransomwork or whatever the traditional cybercrime is out there. So it's very you know handy. And also on top of that what I observe and what unfortunately only is gonna grow this global spillover effect. So because other states are watching so this model of digital conscription that is blending essentially all of the ideology propaganda basically the state state narrative and state objectives and not only exist in Russia so it's um definitely an already been adopted by other countries and this global spillover effect is probably gonna grow even more so not so on top on on top of on top of on top of Russia so we also should be looking at at other countries and a potential threat that might be coming from their side you know and again coming back to militarization so this trend in Russia is not anywhere it just is here and it and again it's only growing and with that humidly would think about all of those people who are a part of that environment on on on what it means. So and a part of the environment where cybercrime also exists and it's it's only gonna it's it's it's only gonna get worth especially especially if there is a multiple ongoing militia conflict. So cybercrime unfortunately became a part of it. So we're now dealing not just the underground but also in the digital space but also I'm just trying to answer your questions your questions what are the signs their existing existence itself is the science so none of those groups should be should be ignored and also on top of that we should understand who they are where they are coming from what their motivations what is the attribution what is going on behind it but also trying to understand what is it that we can not just how to deal with them at the moment and how to mitigate risks whether it comes in form of DDOS attacks or a breach like we're now seeing more often directed to critical even critical infrastructure but also what it would mean in future and how this beast is gonna grow and what it potentially might turn into. So I always keep repeating like if you don't know the past you're not gonna be able to predict future so all of it in if you think today does this oh this is not something that these are the script kid is I remember the same thing probably everyone talking about this cater spider right this ransomware and they started they started the same and that that evolution but it's again it's a different topic for different con for different conversations but what I'm trying to say the point I'm trying to make is never underestimate your enemy especially when it comes to cybercrime that is very interconnected in its nature so you never know who they might be starting collaborating starting tomorrow and what other forces might come might come to play. So that would be something to think about for sure.

Pedro Kertzman: 38:03

That's that's great thank you and if I could connect some of the dots as well I I remember on season one we were talking with uh Valery uh Soloninka and he was mentioning about the big um educational uh cyber system um in Russia like even from high school college and universities and we if we connect that with the youth recruitment that we see that like it's a big recipe for whenever people think about script kitties they're probably talking about a very capable knowledgeable script kitty if you want to put this way uh it's not like your general messing around that they have like the talent and the knowledge like you mentioned to to start disrupting critical infrastructure doing more sophisticated attacks because again they were trained to to to do that and with that kind of a sometimes brainwash like uh environment is just a a complicated recipe for bad things on the digital space to happen. I think my my my last question I think a lot of people especially on the CTI space uh we're always talking about like the Western bias right like uh it's simple to just start saying oh it's this or like Russian speaking or Russian state sponsored whatever influenced you know how can you um with the you know all the background that you have from this what would be the recommendation for people to kind of uh to check themselves if they're not using like just the Western bias but they have like proper information and And uh proper evidence that some claims, some of the claims they are doing are real.

SPEAKER_01: 40:06

This is so important, like, and this is you're bringing such a great, such a great uh point to that. So one of the things that I is the must for any analyst to have. Same like a journalist, for example, is be free bias. So this is something unfortunately is hard to deal with sometimes, especially if you're if you have uh limited knowledge and understanding of how the rest of the world works. So I've been lucky to experience uh multiple. So I know I was born in Russia and I know all of the the way that it works in Russia and everything. And I know I know people, I know how things work, and I have a heavy understanding, not just uh of geopolitical context and everything, but also by people, uh general people themselves. So one of the very important things is be free of that bias. And this is this is exactly what you said, what you said, just checking yourself constantly. Am I being biased here? Because this is something that uh we're not here to push a particular narrative, right? So we're here, we're just being fair, fair, not the judges, but analysts. So you have your evidence in hand, and with that you're trying to do your assessment, you're trying to make in conclusion. So and this is a place uh where we should be free of bias, and not just uh that is very unprofessional, but it might actually hurt the work that you do. So and uh one of the things and one of the actually um uh kind of just raised questions that I keep hearing, interestingly enough, lately, is that how heavy we're concentrating on uh Russian-speaking cybercrime and Russia in particular. So, but it's not just it's not just the cybercrime that exists out there, right? So there is a lot going on in different parts of the world. Uh so this is uh keep in mind, and also speaking about geopolitics, how this Russian-speaking cybercrime interacts with other with the rest of the world, with because there's definitely uh there is a there there is a communication and cooperation that is happening, so how it all works. It's also just such a fascinating topic for me personally, and something that I'm uh uh researching uh extensively and it especially became evident over the couple of past uh years of cooperation of Russian sub-economists, English, again, the youth, skatered spider, their collaboration with Russian ransomware and the youth that is uh in Europe, all of this, like 16, 17 years old, how this influence works. Being free of bias is uh very important for the analysts, analysts themselves, in order for them to do a better job, essentially. So I'm always checking myself, you know, although it's very hard, like it's very hard, we're all humans, we're not robots. It it's very hard, we're all being influenced. Uh we but uh but with that we're analysts and we're already coming on the scene like with the set of skills, right? And one of those skills is critical thinking essentially. This is something that uh that that that that we all uh should have.

Pedro Kertzman: 43:47

So that would be my uh no that's that's also I I think yeah, it's so important to people uh to you know cross-check the things they are they are putting in reports, uh to quote one of the the nice things about your article so they don't do a oops, I did it again with the bias uh uh mentality. And you know, always checking if they have proper evidence for any of the claims they're bringing. And of course, I'll put a link uh for your research on the on the podcast episode. If people want to understand better the background, I'm sure uh there are a lot of uh history details, a lot of uh good information there so people can better understand the background and why things are the way they are right now on a Russian-speaking um cybercrime, if you will. Uh Anastasia, thank you so much for coming to the show. I really appreciate all the all the insights, and I hope I see you around. Thank you.

SPEAKER_01: 45:00

Thank you so much, Pedro. It was really nice to talk to you.

Pedro Kertzman: 45:03

Thank you.

Rachael Tyrell: 45:05

And that's a wrap. Thanks for tuning in. If you found this episode valuable, don't forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn group, Cyber Threat Intelligence Podcast. We'd love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure.