BTS of #RWRBMovie: the score by Drum & Lace

Below are summarised points of what Sofia Hultquist (Drum & Lace) mentioned about Red, White & Royal Blue on this podcast.

She was brought on for the film in December 2022 as a replacement. By then, there already was an assembly cut of the movie (the 3 hour one)

It was challenging because people already loved the characters and because Alex and Henry come from very strong backgrounds.

Alex and Henry have their own individual themes that work together as their theme together. For example, this can be heard in the track "We Won." Their themes were written to be played by two people at the piano at the same time, representing them separately and coming together.

Henry's themes incorporate a few different kinds of pianos, inspired by the fact that Henry plays the piano

Alex's instrument is the guitar, paying homage to his heritage and because it was a more contemporary sound

The score had to be classically inclined enough to feel like a big romantic score, but also contemporary enough to stand up to all the amazing songs used in the movie

For 'First Kiss,' it was important for the music to come in really quietly so you just hear piano notes. It had to be delicate so it didn't come in too strong

'In Good Hands' was the music that went through the most revisions, probably the scene that went through the most revisions as well (the making love scene). It was very important to Matthew to portray that in a way that was authentic and not sensationalist and the music had to be the same. Every time the cut changed, the music had to change. There was around 7 versions of the music. They opted not really for piano and there's a harp at one point which Matthew suggested using because "it's in-between a piano and a guitar where it's a plucked instrument but still considered like a keys"

Matthew had a lot of ideas and is really musically attuned (but kept acting like he wasn't)

There was about 3-4 versions for the other tracks

"Museum" is her favourite track and the one she and Matthew both decided was the one to push in Spotify

She sees the love and number of plays on Spotify

+ confirmed the back of the vinyl is the Union Jack

Queen of Pentacles. Art by Taylor Hultquist-Todd, from Terra Arcanae.

...a star nosed mole...

“Dancing On My Own”

Original by Robyn

Covered by Anna of the North with Drum and Lace & Ian Hultquist

As fun and lovely as the film, the Rosaline original soundtrack is a brilliantly entertaining collaborative feat by Drum & Lace and Ian Hultquist. Short, refreshing, wild, and full of some stunning covers of classic songs, it’s something we’re sure Bridgerton fans especially would enjoy. And most importantly, it is, without question, another delight to add to our never-ending list of period drama original scores.

The Rosaline original soundtrack is the kind of delight that can follow a listener through whatever mood they’re in. Something whimsical? Something nostalgic? Something a little sad and unsure? Something happy? It’s the complete package for a wide variety of emotions, simultaneously taking listeners through one adventure after another.

Continue Reading

Over nearly a decade, the hacker group within Russia's GRU military intelligence agency known as Sandworm has launched some of the most disruptive cyberattacks in history against Ukraine's power grids, financial system, media, and government agencies. Signs now point to that same usual suspect being responsible for sabotaging a major mobile provider for the country, cutting off communications for millions and even temporarily sabotaging the air raid warning system in the capital of Kyiv.

On Tuesday, a cyberattack hit Kyivstar, one of Ukraine's largest mobile and internet providers. The details of how that attack was carried out remain far from clear. But it “resulted in essential services of the company’s technology network being blocked,” according to a statement posted by Ukraine’s Computer Emergency Response Team, or CERT-UA.

Kyivstar's CEO, Oleksandr Komarov, told Ukrainian national television on Tuesday, according to Reuters, that the hacking incident “significantly damaged [Kyivstar's] infrastructure [and] limited access.”

“We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy's access,” he continued. “War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war.”

The Ukrainian government hasn't yet publicly attributed the cyberattack to any known hacker group—nor have any cybersecurity companies or researchers. But on Tuesday, a Ukrainian official within its SSSCIP computer security agency, which oversees CERT-UA, pointed out in a message to reporters that a group known as Solntsepek had claimed credit for the attack in a Telegram post, and noted that the group has been linked to the notorious Sandworm unit of Russia's GRU.

“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 computers, more than 4 thousand servers, all cloud storage and backup systems,” reads the message in Russian, addressed to Ukrainian president Volodymyr Zelenskyy and posted to the group's Telegram account. The message also includes screenshots that appear to show access to Kyivstar's network, though this could not be verified. “We attacked Kyivstar because the company provides communications to the Ukrainian Armed Forces, as well as government agencies and law enforcement agencies of Ukraine. The rest of the offices helping the Armed Forces of Ukraine, get ready!”

Solntsepek has previously been used as a front for the hacker group Sandworm, the Moscow-based Unit 74455 of Russia's GRU, says John Hultquist, the head of threat intelligence at Google-owned cybersecurity firm Mandiant and a longtime tracker of the group. He declined, however, to say which of Solntsepek’s network intrusions have been linked to Sandworm in the past, suggesting that some of those intrusions may not yet be public. “It's a group that has claimed credit for incidents we know were carried out by Sandworm,” Hultquist says, adding that Solntsepek's Telegram post bolsters his previous suspicions that Sandworm was responsible. "Given their consistent focus on this type of activity, it's hard to be surprised that another major disruption is linked to them.”

If Solntsepek is a front for Sandworm, it would be far from the first. Over its years of targeting Ukrainian infrastructure, the GRU unit has used a wide variety of covers, hiding behind false flags such as independent hacktivist groups and cybercriminal ransomware gangs. It even attempted to frame North Korea for its attack on the 2018 Winter Olympics.

Today, Kyivstar countered some of Solntsepek's claims in a post on X, writing that “we assure you that the rumors about the destruction of our ‘computers and servers’ are simply fake.” The company had also written on the platform that it hoped to restore its network's operations by Wednesday, adding that it's working with the Ukrainian government and law enforcement agencies to investigate the attack. Kyivstar's parent company, Veon, headquartered in Amsterdam, didn't respond to WIRED's request for more information.

While the fog of war continues to obscure the exact scale of the Kyivstar incident, it already appears to be one of the most disruptive cyberattacks to have hit Ukraine since Russia's full-scale invasion began in February 2022. In the year that followed, Russia launched more data-destroying wiper attacks on Ukrainian networks than have been seen anywhere else in the world in the history of computing, though most have had far smaller effects than the Kyivstar intrusion. Other major Russian cyberattacks to hit Ukraine over the past 20 months include a cyberattack that crippled thousands of Viasat satellite modems across the country and other parts of Europe, now believed to have been carried out by the GRU. Another incident of cybersabotage, which Mandiant attributes to Sandworm specifically, caused a blackout in a Ukrainian city just as it was being hit by missile strikes, potentially hampering defensive efforts.

It's not yet clear if the Kyivstar attack—if it was indeed carried out by a Russian state-sponsored hacker group—was merely intended to sow chaos and confusion among the company's customers, or if it had a more specific tactical intention, such as disguising intelligence-gathering within Kyivstar's network, hampering Ukrainian military communications, or silencing its alerts to civilians about air raids.

“Telecoms offer intelligence opportunities, but they're also very effective targets for disruption," says Mandiant's Hultquist. “You can cause significant disruption to people's lives. And you can even have military impacts.”

Kanthony Spotify Playlist

Okay.. I worked too hard on this.

Kanthony Playlist 

14 Songs 52 Minutes

Btw if you have any recs it’s forever changing

It’s Okay to Be Me, performed by: Sincerely, Me (3:25) (Anthony’s Theme)

Wild Horses performed by: Grace Power (2:43) (Kate’s Theme)

Bois Lie performed by: Avril Lavigne, Machine Gun Kelly (2:43) (ep 1/2 First impression friction)

Electric Touch performed by: Taylor Swift, Fall Out Boy (4:26) (ep 3/4 Realizing feelings, bee sting, hunting trip, storm)

Dancing On My Own performed by: Anna of the North, Drum & Lace, Ian Hultquist (3:57) (ep 4 Dancing and Talking at the “Hearts and Flowers” ball)

Treacherous performed by: Taylor Swift (4:03) (ep 4 Almost Kiss in his study)

Head Above Water, performed by: Avril Lavigne (3:41) (ep 4/5 Anthony and Edwina are to get married, and Kate and Anthony are secretly dying inside)

Stop And Stare performed by: OneRepublic (3:44) (ep 6 During the wedding, Kate and Anthony cannot keep their eyes off of each other)

What About Us preformed by: P!nk (4:30) (ep 6/7 The wedding is a disaster and does not happen; the families are in ruin)

Stay performed by: Rihanna, Mikky Ekko (4:01) (ep7 Kate and Anthony finally give in their feelings)

Somewhere Only We Know, performed by: Keane (3:56) (ep8 After their night together, Kate freaks out, and after her falling off her horse and injuring herself, Anthony finally breaks through the feelings he has been pushing down.)

Wrecking Ball performed by: Miley Cyrus (3:41) (ep8 Kate and Anthony dance at the Featherington Ball where Edwina, The Queen, Lady Danbury, and both of their families smile at them approvingly.)

Heartbeat Here performed by: Dashboard Confessional (3:27) (ep 8 Outside the ball, Anthony professes his love for Kate and proposes marriage. Kate professes her love well and accepts, and they share a passionate kiss underneath the fireworks.

Let My Love Open The Door performed by: Luminate (3:18) (Kate and Anthony unity theme, They think they don’t deserve love but the other shows they do.)

23 Mayıs 2024, 22.50

Drum & Lace, Ian Hultquist - Dario Leaves

Bu gece hiçbir estetik kaygı olmaksızın yazmak istiyorum. Yazılarımı okuyan üç veya beş kişi... Bugün burayı günlük gibi kullanmam sorun olur mu? Çünkü ne anlatacağımı bilmeden geldim. Kelimeler "şuramda" takılı kaldı. Ağzımı açıp konuşsam, söylediklerim ya şiir olacaktı ya da anlamsız kelimelerden ibaret cümleler... O hissi bilir misiniz? Biliyorsanız söyleyin, yalnız olmadığımızı görüp birbirimize sessizce eşlik edelim.

Son bir yıldır kendi zihnimle, kendi varlığımla, kendimle yalnız kalmakla ilgi öyle zorluk çekiyorum ki... Sürekli göremediğim şeylerle savaşıyorum. Sanki devamlı mücadele ediyorum ama düşmanımın ne olduğunu bilmiyorum. Biri gözlerimi bağlamış, kulaklarımı tıkamış ve elime bir silah vermiş gibi. Anlıyor musunuz?

Anlaşılmaya bu kadar ihtiyaç duyduğumu henüz fark ediyorum. "Tamam anlıyoruz," desinler istiyorum. "Anlıyoruz. Seni artık görüyoruz. Yalnız değilsin, korkmana gerek yok."

Birkaç ay öncesine göre daha mutluyum, öyle olmadığımı söyleyerek bencillik edemem. Ama daha huzurlu değilim. Her an gerginim, rahatsız hissediyorum. Ruhuma kadar korkunun kendisi oldum. Bugün düşündüm. "Hep böyle mi olacak? Sonsuza kadar böyle mi hissedeceğim?"

Sonra kalbimin bir köşesine sakladığım umudum cevapladı sorumu. Yalnız değilsem ve benim gibi dağınık, melankolik ve huzursuz hisseden birileri varsa eğer... Belki bu oldukça yetersiz cevap sizin de "şuranızdaki" yükü hafifletir.

"Hayır. Böyle olmayacak. Buraya daha önce gelmiştin, bu duyguları hatırlıyorsun. Bunları daha önce düşünmüş, bu paragrafları defalarca yazmıştın. Her şey akar, hepsi geçer. Gerçekten de değişmeyen tek şey değişimin kendisidir. Ve sakın unutma, yaşamak yaralanmaktır. Yaralanmak da güzel."

Rosaline (Karen Maine, 2022)

Cast: Kaitlyn Dever, Isabela Merced, Sean Teale, Kyle Allen, Spencer Stevenson, Bradley Whitford, Christopher McDonald, Minnie Driver, Nico Hiraga. Screenplay: Scott Neustadter, Michael H. Weber, based on a novel by Rebecca Serle. Cinematography: Laurie Rose. Production design: Andrew McAlpine. Film editing: Jennifer Lee. Music: Drum & Lace, Ian Hultquist. 

Rosaline is an amusing trifle, an exercise in parashakespeare like Rosencrantz and Guildenstern Are Dead (Tom Stoppard, 1990) or Shakespeare in Love (John Madden, 1998), though I'm sure neither screenwriters Scott Neustadter and Michael H. Weber nor Rebecca Serle, the author of the book on which Rosaline is based, would be eager to invite comparison with Stoppard's erudition and wit. In Romeo and Juliet, Rosaline is only a plot device: Juliet's cousin, with whom Romeo is infatuated, she's never seen in the play, but serves only, via the teasing of his friends, to emphasize Romeo's bent toward romantic ardor. The film casually turns the play on its head, converting tragedy into rom-com, as Kaitlyn Dever's Rosaline gets her revenge on Romeo's fickleness by trying to make him fall out of love with Juliet. Dever is a fine comic actress, and she gets good support from the rest of the cast. Kyle Allen, looking a bit like Heath Ledger in another parashakespearean movie, 10 Things I Hate About You (Gil Junger, 1999), plays Romeo as a lovestruck goof. His Juliet (Isabela Merced) is a faux naïf from the country, who manages to get the upper hand on the manipulative Rosaline. (There's a mid-credits scene at the end that suggests things will not go smoothly for Romeo and Juliet after they escape Verona by means of a fake death.) Bradley Whitford plays Rosaline's father, determined to marry off his independent-minded daughter. After a series of superannuated suitors whom Rosaline manages to scare off, he comes up with the handsome young Dario (Sean Teale), whom she initially rejects, but everyone who has ever seen a rom-com knows she will eventually fall for. There are nice comic bits from Spencer Stevenson as Paris, Rosaline's gay best friend who gets roped into an engagement with Juliet, and Nico Hiraga as Steve the Courier, a stoner who delivers -- or fails to deliver -- the crucial messages that in the original play would precipitate tragedy. And while Juliet's nurse plays a key role in Shakespeare, she's only a bit part in the movie. Instead, there's Minnie Driver as Rosaline's nurse, indignantly insisting that she's a trained registered nurse, not a babysitter. The screenplay wisely jettisons any attempt to evoke Shakespearean language and adopts contemporary speech that jars amusingly with the period setting and costumes. Director Karen Maine keeps all this fluff nicely airborne. 

This is the trailer for my micro-budget horror film Blood Harvest (2023). It's available now on Prime Video and Vudu. I co-wrote the original story, co-produced and composed the music for the film.

This was a labor of love that started over 10 years ago from an idea I had based on some personal experiences. The film suffers from some technical sound issues that sadly weren't corrected in post production. They are pretty noticable. Also some of my score is difficult to hear in parts, again, some major sound issues that I'm a bit astounded were not corrected or caught in post production by the film editor. But aside from that, actually getting a film made and distributed in Hollywood is a huge accomplishment. People don't realize how difficult it is to get a movie made and released. I'm very proud that we were able to do that.

This trailer also features a song by my industrial metal band Brain Matter, "Fractured Reality" (starting at 44 seconds). Listen to the full song here.

So, if you feel like popping Blood Harvest on in the background and supporting indie horror, give it watch!

Blood Harvest

Director: Danny LeGare

Writers: Michael Hultquist, Danny LeGare, Seth Metoyer

Stars: Jason London, Robert LaSardo, Greg Nutcher, Eva Hamilton

Executive Producer: James Cullen Bressack

Producer: Jarrett Furst

Co-Producer: Seth Metoyer

Distributor: Uncork'd Entertainment

Music By: Seth Metoyer

PODCAST: Sofia Hultquist (Music Composer), Red White & Royal Blue, Dickinson | Big Gay Energy Podcast

In this episode with spoke with Sofia Hultquist from the talented Drum & Lace. Sofia is a music composer in the film industry and has worked on many projects including the new Red, White, and Royal Blue Movie!

Death. Art by Taylor Hultquist-Todd, from Terra Arcanae.

A cave bat for death...

CALIFICACIÓN PERSONAL: 6 / 10

Título Original: Rattlesnake

Año: 2019

Duración: 85 min

País: Estados Unidos  

Dirección: Zak Hilditch

Guion: Zak Hilditch

Música: Ian Hultquist

Fotografía: Roberto Schaefer

Reparto: Carmen Ejogo, Theo Rossi, Emma Greenwell, Apollina Pratt, Joy Jacobson, Arianna Ortiz, Sean J. Dillingham, David Yow, Alexandra Nell

Productora: Netflix, Campfire

Género: Drama; Horror; Mistery

https://www.imdb.com/title/tt9257484/

TRAILER:

Russia's military intelligence unit known as Sandworm has, for the past decade, served as the Kremlin’s most aggressive cyberattack force, triggering blackouts in Ukraine and releasing self-spreading, destructive code in incidents that remain some of the most disruptive hacking events in history. In recent months, however, one group of hackers linked to Sandworm has attempted a kind of digital mayhem that, in some respects, goes beyond even its predecessor: They've claimed responsibility for directly targeting the digital systems of water utilities in the United States and Poland as well as a water mill in France, flipping switches and changing software settings in an apparent effort to sabotage those countries’ critical infrastructure.

Since the beginning of this year, a hacktivist group known as the Cyber Army of Russia, or sometimes Cyber Army of Russia Reborn, has taken credit on at least three occasions for hacking operations that targeted US and European water and hydroelectric utilities. In each case, the hackers have posted videos to the social media platform Telegram that show screen recordings of their chaotic manipulation of so-called human-machine interfaces, software that controls physical equipment inside those target networks. The apparent victims of that hacking include multiple US water utilities in Texas, one Polish wastewater treatment plant, and, reportedly, a French water mill, which the hackers claimed was a French hydroelectric dam. It’s unclear exactly how much disruption or damage the hackers may have managed against any of those facilities.

A new report published today by cybersecurity firm Mandiant draws a link between that hacker group and Sandworm, which has been identified for years as Unit 74455 of Russia’s GRU military intelligence agency. Mandiant found evidence that Sandworm helped create Cyber Army of Russia Reborn and tracked multiple instances when data stolen from networks that Sandworm had attacked was later leaked by the Cyber Army of Russia Reborn group. Mandiant couldn't determine, however, whether Cyber Army of Russia Reborn is merely one of the many cover personas that Sandworm has adopted to disguise its activities over the last decade or instead a distinct group that Sandworm helped to create and collaborated with but which is now operating independently.

Either way, Cyber Army of Russia Reborn’s hacking has now, in some respects, become even more brazen than Sandworm itself, says John Hultquist, who leads Mandiant’s threat-intelligence efforts and has tracked Sandworm’s hackers for nearly a decade. He points out that Sandworm has never directly targeted a US network with a disruptive cyberattack—only planted malware on US networks in preparation for one or, in the case of its 2017 NotPetya ransomware attack, infected US victims indirectly with self-spreading code. Cyber Army of Russia Reborn, by contrast, hasn’t hesitated to cross that line.

“Even though this group is operating under this persona that’s tied to Sandworm, they do seem more reckless than any Russian operator we’ve ever seen targeting the United States,” Hultquist says. “They’re actively manipulating operational technology systems in a way that’s highly aggressive, probably disruptive, and dangerous.”

An Overflowed Tank and a French Rooster

Mandiant didn't have access to the targeted water utility and hydroelectric plant networks, so wasn't able to determine how Cyber Army of Russian Reborn got access to those networks. One of the group’s videos posted in mid-January, however, shows what appears to be a screen recording that captures the hackers’ manipulation of software interfaces for the control systems of water utilities in the Texas towns of Abernathy and Muleshoe. “We are starting our next raid across the USA,” reads a message introducing the video on Telegram. “In this video there are a couple of critical infrastructure objects, namely water supply systems😋”

The video then shows the hackers frenetically clicking around the target interface, changing values and settings for both utilities’ control systems. Though it’s not clear what effects that manipulation may have had, the Texas newspaper The Plainview Herald reported in early February that local officials had acknowledged the cyberattacks and confirmed some level of disruption. The city manager for Muleshoe, Ramon Sanchez, reportedly said in a public meeting that the attack on the town’s utility had resulted in one water tank overflowing. Officials for the nearby towns of Abernathy and Hale Center—a target not mentioned in the hackers’ video—also said they’d been hit. All three towns’ utilities, as well as another, in Lockney, reportedly disabled their software to prevent its exploitation, but officials said that service to the water utilities’ customers was never interrupted. (WIRED reached out to officials from Muleshoe and Abernathy but didn't immediately hear back.)

Another video the Cyber Army of Russia Reborn hackers posted in January shows what appears to be a screen recording of a similar attempted sabotage of a wastewater utility in Wydminy, a village in Poland, a country whose government has been a staunch supporter of Ukraine in the midst of Russia’s invasion. “Hi everybody, today we will play with the Polish wastewater treatment plants. Enjoy watching!” says an automated Russian voice at the beginning of the video. The video then shows the hackers flipping switches and changing values in the software, set to a Super Mario Bros. soundtrack. The Wydminy facility didn't respond to WIRED’s request for comment.

In a third video, published in March, the hackers similarly record themselves tampering with the control system for what they describe as the Courlon Sur Yonne hydroelectric dam in France. In fact, the French newspaper Le Monde revealed Wednesday that they had instead accessed the control system for a small water mill running through a village of 300 people. That video was posted just after French president Emmanuel Macron had made public statements suggesting he would send French military personnel to Ukraine to aid in its war against Russia. The video starts by showing Macron in the form of a rooster holding a French flag. “We recently heard a French rooster crowing,” the video says. “Today we’ll take a look at the Courlon dam and have a little fun. Enjoy watching, friends. Glory to Russia!”

In their Telegram post, the hackers claim to have lowered the French dam’s water level and stopped the flow of electricity it produced, though according to Le Monde, they failed to even affect the small water mill they actually tampered with.

In the videos, the hackers do display some knowledge of how a water utility works, as well as some ignorance and random switch-flipping, says Gus Serino, the founder of cybersecurity firm I&C Secure and a former staffer at a water utility and at the infrastructure cybersecurity firm Dragos. Serino notes that the hackers did, for instance, change the “stop level” for water tanks in the Texas utilities, which could have triggered the overflow that officials mentioned. But he notes that they also made other seemingly arbitrary changes, particularly for the Wydminy wastewater plant, that would have had no effect.

“You can see them flipping through all kinds of stuff just to click the button,” Serino says. “I would say there’s some level of understanding but not a full understanding of how the system works.”

Signs of Sandworm

Mandiant found multiple strong clues that Cyber Army of Russia was, at the very least, created with support from Sandworm if not entirely controlled by that unit of the GRU. YouTube accounts for Cyber Army of Russia were set up from an IP address known to be controlled by Sandworm, Google’s Threat Analysis Group found. (Mandiant, like YouTube, is a Google subsidiary.) On multiple occasions, Sandworm has also carried out what Mandiant’s Hultquist calls “attack-and-leak” operations against Ukrainian targets: Sandworm would penetrate the victim's network and infect it with wiper malware to destroy the contents of machines—but not before stealing the data from the network, which in several cases was later leaked in posts on Cyber Army of Russia Reborn's Telegram account.

Hultquist notes that Cyber Army of Russia Reborn's relatively “haphazard” hacking—and its entirely faulty targeting of what the hackers may have believed was a French dam—doesn't appear to match the style of Sandworm, which has, despite its incredibly callous cyberattacks, shown somewhat more deliberation in its targeting and methods. That may suggest an unusual situation, one in which a state-sponsored group created a more grassroots front that has now gone on to carry out even more reckless operations of its own. The GRU, Hultquist says, has “probably been involved in creating this group and running it. If someone even more aggressive than them comes along and operates in that space, carrying out these attacks, they’re not entirely blameless.”

Even as Sandworm's apparent spinoff carries out its chaotic attacks, Mandiant's report notes that Sandworm itself has shifted somewhat away from the more opportunistic disruptive operations it has carried out in the past. In the first year of Russia's invasion of Ukraine, it launched repeated wiper attacks against Ukrainian targets—many of the relentless, quick-and-dirty data-destroying strikes that Mandiant had previously attributed to the GRU as a whole were specifically the work of Sandworm, it has now concluded. Sandworm also carried out a third blackout attack in 2022, this time in concert with a missile strike on the same area. More recently, however, Sandworm has increasingly taken on an espionage and support role for Russia's physical war effort, the company's report notes.

That more careful coordination with Russia's physical forces has included an operation in which Sandworm used a piece of spyware that US government agencies dubbed Infamous Chisel to infect Android devices used by the Ukrainian military for command-and-control, an apparent effort to gain battlefield intelligence. Mandiant also points to a website set up on a Sandworm-linked server that appears to be a tool for Russian troops to exfiltrate data from captured smartphones, including links for extracting messages from apps like Signal and Telegram.

“As their war aims have evolved, we've seen the group evolve as well,” says Dan Black, a Mandiant analyst and coauthor of its Sandworm report who served as NATO's deputy head of cyber threat intelligence until last year. Black says Sandworm, like much of the Russian military, has had to change its approach, adapting to that espionage and support role as Russia's initial aim of quickly toppling Ukraine's government has shifted into a protracted war of attrition. “What we see is a real pivot away from that wiping activity toward espionage for battlefield enablement,” Black says.

Even as Sandworm shifts into that more traditional military intelligence role, however, the Cyber Army of Russia group that it likely helped to create continues to run wild with disruptive operations, far beyond the front lines of Russia's war in Ukraine. If that spinoff hacker outfit is truly independent of Sandworm, Mandiant's Hultquist notes, that may mean it will continue to demonstrate even less caution or discretion than the GRU's own hackers have.

“Someone under this persona is doing some really aggressive stuff, and they’re doing it globally, and they could ultimately cause a very real incident,” Hultquist says. “If this is just some random group of hacktivists who lack the structure and restraint of a military organization, they may cross lines in ways that no one anticipates.”