Analyst, Cyber Espionage Team at Mandiant (Google)
Gabby Roncone is an Analyst on the Cyber Espionage Team at Google's Mandiant where she tracks and analyzes Russian and Eastern European cyber operations. She was previously also an Adjunct Associate Professor at the Georgetown Center for Security Studies, where she co-taught a course on cyber operations.
Since February 2022, Mandiant has tracked and responded to GRU wiper operations. Though much has changed since the onset of the war, the GRU has remained relatively consistent in its use of wiper operations in support of Russia’s overall warfighting effort. Ranging from its high-level approach to its tooling decisions and hands-on-keyboard activity, we have observed a common set of behaviours across its operations to enable both access and action. Though the GRU does appear to adapt to wartime circumstances, shifting its targeting in line with evolving priorities, it continues to execute wiper attacks in the same pattern. As a result, we seek to imagine a GRU playbook: one that spans both strategy and technical components of operations, which has been used to enable fast-paced, quick-turnaround operations since the onset of the war. Through specific examples of cases where we’ve seen tried-and-true GRU patterns in action, we hope to provide insight into what wartime operations look like in support of Russian information confrontation in Ukraine.