Handala wiper attacks, APT28 implant devs are back, Signal's verification problems

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)

Three Buddy Problem - Episode 89: We discuss Iran hacktivist group 'Handala' wiper attacks against US medical device maker Stryker, Microsoft Intune MDM tool abuse, and whether Iran's cyber retaliation is as scary as the headlines suggest.

Plus, ESET's discovery that Russia's APT28 original implant developers are back after years of silence, Dutch intelligence warnings on Russian campaigns targeting Signal and WhatsApp accounts, Apple finally patching Coruna exploit kit vulnerabilities for older iPhones, and Google sharing Coruna samples that raise new questions about the exploit kit's proliferation chain.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (raw, AI-generated)
• TLPBLACK Solutions
• Kim Zetter: Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems
• Stryker Cyberattack Adds to Fears of New Front in Iran War
• Bloomberg: Cyberattack Hits Stryker; Pro-Iran Group Claims Credit
• Who is Handala? (Malpedia)
• Palo Alto: Increased Risk of Wiper Attacks
• CISA Advisories on Iran State-Sponsored Cyber Threat
• Russia state actors targets Signal and WhatsApp accounts
• Dutch intel report on Signal, WhatsApp targeting
• Signal responds to Dutch Intel report
• ESET: Resurgence of one of Russia’s most notorious APT groups
• Poland says foiled cyberattack on nuclear centre may have come from Iran
• Apple ships iOS 16.7.15 to cover 'Coruna' exploits
• Apple iOS 15.8.7 covers 'Coruna' exploit kit
• Detection Engineering #148
• NEBULA:FOG 2026 | AI x Security Hackathon
• Ekoparty Miami (May 21-22, 2026)
• PIVOTcon Agenda