Hi Everyone,

I’m happy to welcome the second trainer from i-intelligence!

In this newsletter, we’re going to dive into Runet — the Russian internet.

✨ My guest this time is Vytenis Benetis 🙌

Vytenis serves as 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿 𝗳𝗼𝗿 𝗔𝘀𝗶𝗮 at i-intelligence, bringing over a decade of 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗮𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗟𝗶𝘁𝗵𝘂𝗮𝗻𝗶𝗮𝗻 𝗠𝗶𝗻𝗶𝘀𝘁𝗿𝘆 𝗼𝗳 𝗗𝗲𝗳𝗲𝗻𝗰𝗲, 𝗡𝗔𝗧𝗢, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗘𝗨. With a unique background combining engineering (BSc. from U.S. Naval Academy, Ph.D. from University of Maryland) and intelligence work, he's trained professionals across dozens of government agencies in the region.

He has provided research, training, and advisory services to public and private sector clients across Asia. His mandates have spanned a range of 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗱𝗶𝘀𝗰𝗶𝗽𝗹𝗶𝗻𝗲𝘀 𝗶𝗻𝗰𝗹𝘂𝗱𝗶𝗻𝗴 𝗰𝗿𝗶𝗺𝗶𝗻𝗮𝗹 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲, 𝗰𝘆𝗯𝗲𝗿 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲, 𝗳𝗿𝗮𝘂𝗱 𝗶𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗼𝗻𝘀, 𝗰𝗼𝘂𝗻𝘁𝗲𝗿-𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝗺 and general hashtag#OSINT and hashtag#SOCMINT investigations. As such, he is sensitive to regional security challenges and local information cultures.

Bonus: A 10% discount code - APIINT10 on all courses is valid until the end of this October!

Cybersecurity News 

• Mango breach: Spanish clothing giant Mango has had user data stolen from a third-party marketing provider. The stolen data included names, emails, country, ZIP codes, and telephone numbers. Find out more.

• AI Browser Risks: Atlas & Comet — OpenAI’s new AI browser, Atlas, and Perplexity’s Comet can access everything you’re logged into, from emails to CRMs, and even execute commands from malicious web pages. The security community has raised serious concerns, strongly advising against its use even for personal accounts because it can be hacked via websites, reads all logged-in data, and deleted content may still be retained. TechCrunch highlights that “private” modes aren’t truly private. Find out more.

  

  Source: Linkedin

  Other

  • 🎃🎃🎃 Trick or Track - Undetectable’s Halloween quiz testing how stealthy you are online.

📰Reports

• Handbook Against Disinformation 2nd edition (2025) - State Chancellery, Latvia, practical guidance on information security. Report.

  Russia's Crime-Terror Nexus - GLOBSEC & International Centre for Counter-Terrorism, criminality as a tool of hybrid warfare in Europe. Report.

OSINT Guest Section

How to seek information in RuNet?

The survey is closed. Thank you everyone for contributing. It gave us ideas about the content that you read in all issues.

Successfully seeking information within the Russian Internet ecosystem, also known as RuNet, requires mastering unique search strategies and leveraging platforms specific to the Russian-speaking world. Below are some highlights for handling the RuNet.

1. Operational Security (OPSEC)

   One should ensure operational security (OPSEC) when researching RuNet, especially more sensitive topics. Russia has laws that strictly govern the use of VPNs, choice of narratives in public media, internet access control, and data preservation and access for law enforcement and its security apparatus. Thus, one must always use tools for anonymity and maintain compartmentalization of hardware and software.

2. Search Engines

   For general research, utilizing Yandex is essential in addition to Google and Bing. Learn to build smart queries and use Russian keywords. Yandex is often superior for searching Russian-focused content, providing either unique or more nuanced results. It also offers a robust reverse image search.

3. Translation Tools

   Russian language most likely will require translation.  While Google Translate probably comes first to mind, consider using very capable DeepL. It handles informal language much better than its rivals. Alternatives like Yandex Translate or Reverso might also come in handy. If choosing to engage LLM chatbots in translation, the best approach is to condition them through a well-crafted prompt to act as a translator instead of its default use.

4. Typing in Russian

   One needs to learn to input keywords in Russian even without knowing the language. A way to do it is either with the keyboard (make sure to select phonetic layout) or even better – learning to type using transliteration (e.g., via translit[.]ru or Google Input tools).

5. Acronyms & Specialized Terms

   For deciphering abbreviations and specialized terms, resources like sokr[.]ru and multitran[.]ru are invaluable, especially when translating conflict-related acronyms frequently seen on Telegram or VKontakte.

6. Understanding the Ecosystem

   Understanding RuNet means also understanding distinct ecosystem of platforms, data sources, and access limitations. Unlike the Western web, RuNet relies heavily on domestic services like VK (VKontakte), OK (Odnoklassniki), Yandex, Mail[.]ru, and hundreds more local solutions that cover all domains online. Open data often hides in plain sight. For example, military related information is available in a wide range of sources varying from soldiers’ social media posts, recruitment pages, and veterans’ groups on VK, to public procurement and contracting portals. Furthermore, laws and regulations of RuNet are becoming tighter, and access to services may require deeper authentication or even a use of VPN with a Russian or Russia-friendly IP address.

7. Telegram & Bots

   Some RuNet platforms stand out. Such is Telegram, one of the fastest growing messenger platforms globally, Russia’s de facto information hub. Thousands of channels cover topics from local communities to broad topics like Russian OSINT.  It is worth noticing that investigation of Telegram requires knowledge both of its internal capabilities and many third-party tools that crawl, index and investigate it. Telegram bots deserve separate attention. They are the cornerstone of automated access to open data that might otherwise be buried or restricted. For example, bots like GlazBoga (Eye of God), Quick OSINT and similar can retrieve phone numbers, vehicle registrations, or leaked credential data from Russian-language databases. However, operational security in using them is critical. Many bots are run by private or semi-criminal operators, and queries can be logged. Properly configured, bots may offer unparalleled insight into Russia’s information environment.

8. Geographical Intelligence

   When it comes to geographical intelligence, local Russian mapping sources often offer better data than Western equivalents. Yandex Maps and 2GIS are leading platforms for Russia and former Soviet Union countries, sometimes providing detailed information, contacts, and websites for various entities.

9. Russian Naming Conventions

   It’s a crucial entry point for identifying individuals and linking them across data sources.

   A standard Russian full name consists of three parts:

   • first name (имя),

   • patronymic (отчество),

   • and surname (фамилия)

   For example, Sergey Ivanovich Petrov.

   The patronymic is derived from the father’s first name (Ivan → Ivanovich/Ivanovna) and can signal generational or regional origins.

   Transliteration variants (e.g., Yuri/Yury/Iurii, Sergey/Sergei) must be accounted when researching Latinized databases, news, or sanctions lists.

   Furthermore, people may choose different ways to represent themselves on social networks, using abbreviations, short-form names or dropping some name parts like patronymic middle name. These variations must be accounted for when investigating social media profiles or leaked data. In general, searching across both Cyrillic and Latin spellings and variations of name expressins increases hit rates.

10. Russian Companies & Organizations

    Investigating Russian companies or organizations requires a mix of official registries, gray data, and social analysis within the RuNet environment.

    • The foundation of this work lies in the Unified State Register of Legal Entities (ЕГРЮЛ / EGRUL), accessible through the Russian Federal Tax Service (egrul.nalog[.]ru), which lists company founders, directors, registration dates, and financial data.

    • Complementary platforms such as Rusprofile[.]ru, List-org, Spark-Interfax and countless more aggregate this data, often linking entities through shared addresses, phone numbers, or executives — invaluable for mapping ownership networks and state-linked businesses.

    • Thus, when researching entities connected to defense or intelligence, OSINT analysts should combine corporate records with media monitoring (Medialogia, TASS, Kommersant), sanctions databases (EU, OFAC, UK), and tender archives (zakupki[.]gov[.]ru) to identify procurement relationships.

    • Cross-referencing tender documentation with Telegram leaks and VK staff profiles can reveal hidden affiliations — for example, engineers at private “IT integrators” working under the Ministry of Defense.

    • Many Russian front companies also use offshore intermediaries (Cyprus, Armenia, Kazakhstan), requiring searches across both Russian and foreign registries. Crucially, analysts must interpret Russian legal forms correctly.

      Designations like

      • ООО (limited liability company),

      • АО/ПАО (joint-stock company),

      • ФГУП (federal state unitary enterprise),

      • and АНО (autonomous nonprofit organization) indicate ownership structure and potential state ties.

        For instance, ФГУП entities often belong directly to ministries, while АНО structures — such as “ANO Dialogue” or “Russia — Land of Opportunities” — frequently serve as state-controlled influence projects under civilian branding.

    Understanding these forms allows OSINT practitioners to separate genuine private enterprises from state fronts, an essential step when tracing disinformation networks, defense supply chains, or sanction circumvention pathways.

SOCMINT

That’s all from Vytenis Benetis. Learn more about i-intelligence’s Russian, Arabic/MENA, and Chinese OSINTcourses here.

OSINT Tools

• OSINT-Tools-Russia – A comprehensive collection of OSINT tools and resources focused on Russian data sources and intelligence gathering.

• YaSeeker – Tool for analyzing Yandex accounts, useful for investigations involving Russian digital identities and footprints.

• OSINTvk – Utility designed for collecting and analyzing data from VKontakte (VK), the largest Russian social network.

Google Yandex Updates

• Maps Accessibility Update: Yandex Maps has rolled out a major accessibility improvement in Kazakhstan. In Almaty and Astana, users can now plan walking routes that account for staircases with ramps—over 4,500 have been mapped.

• Leadership Shift: Yandex co-founder Arkady Volozh has officially departed the company to lead Nebius, a new AI-focused venture. Read more.

• Yandex Uzbekistan: The regional branch has launched an updated search engine powered by a neural network trained on the Uzbek language, improving local-language understanding and relevance.

Upcoming CyberSec / OSINT Events

Free

• [Warsaw, Poland] ACAMS Poland Chapter: “KYC – Know Your Criminal”
  Explore evolving trends in financial crime detection and KYC risk management. October 28, 2025 4:30PM - 8:00PM CET More info

• [Online] GIJN Webinar: “Tips and Tools for Uncovering Online Scams”

  Join investigative journalists Antonio Baquero (OCCRP), Damien Leloup (Le Monde), Hera Rizwan (BOOM Live, India), and Nyakerario Omari (Africa Uncensored) — moderated by Craig Silverman (Indicator).

  Learn how reporters across regions investigate online scams, fraudulent platforms, and coordinated deception campaigns. October 28, 9 AM EDT

• [Toronto, Canada] Media Literacy Week – J-Talks: “The New Age of Misinformation”. (Hosted by The Canadian Journalism Foundation & MediaSmarts, in partnership with UNESCO)

  Speakers: Craig Silverman and Carolyn Jarvis for a deep dive into AI-driven disinformation, deepfakes, and modern verification tools like Indicator. October 29, 6:30 PM ET

• [Isle of Man] Communities of Practice: Open Source Intelligence
  A new initiative bringing together OSINT practitioners, researchers, and community leaders to share best practices. November 11, 2025 Register on Eventbrite

🎃🎃🎃 CTF 🎃🎃🎃

• Dragos CTF 2025 – Virtual OT Cybersecurity Challenge

  Compete in a hands-on ICS/OT-focused Capture the Flag event featuring challenges in phishing analysis, ICS protocol forensics, Windows event logs, and PLC logic review. Online participation (solo or team).

  October 29–31, 2025, Starts 12:00 EDT, Register 

  → Last year, my team and I had so much fun participating in this.

• Spooktacular CTF 2025 (by The OSMOSIS Association)
  October 30 (12:12 PM EST) – November 2 (midnight) More info

• Splunk Worldwide Bots (Boss of the SOC) Day 2025
  BOTS10 worldwide shortly after .conf. Splunk is hosting two worldwide BOTS10 competitions on Thursday, October 30th or Friday, October 31st, depending on where you’re located in the world. Read more

• Haunted Pumpkin CTF ’25 (by OSINT Switzerland)

  The Halloween edition of the official OSINT CTF — 30 haunting hours of investigation and analysis. October 31 @ 17:00 UTC – November 1 @ 22:59 UTC More info

• V1t CTF 2025 (by R4wr)

  Beginner-friendly and intermediate Jeopardy-style CTF covering web exploitation, reverse engineering, cryptography, forensics, and misc challenges. Check it here. October 31 @ 13:00 UTC – November 2 @ 13:00 UTC

🙃Bonus

Advent of OSINT 2025 – Call for Contributors

My friend Alain (known as OSINT4FUN) is organizing again the Advent of OSINT 2025 and looking for contributors! The event runs from December 1–24, featuring 24 daily OSINT challenges in English and French, open to everyone without registration. Registered players can track rankings and earn BADGR badges for completing challenges or reaching the podium.

Want to contribute? Create 1–2 challenges with a short statement and solution, and submit them by November 15 to [email protected]

.