
Three Buddy Problem: Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click
Aug 29, 2025

The podcast dives into the implications of the Salt Typhoon advisory, analyzing its delayed release and useful insights for defenders. Discussion revolves around Google’s new cyber disruption unit and the ethical dilemmas it presents. The role of AI in enhancing threat detection is examined, along with the troubling vulnerabilities in WhatsApp that threaten user security. Additional topics include a new Chinese APT report, Amazon's disruption of APT29, and the importance of precise terminology in understanding evolving cyber threats.
Naming Avoidance Signals Attribution Uncertainty
- The advisory avoids adopting commercial names and uses the generic term "APT actors," which muddles attribution.
- This ambiguity reflects technical uncertainty and disagreement across contributors about who exactly comprises "Salt Typhoon."
Company Names Imply Supply-Chain Signals
- The report names Chinese companies allegedly tied to intelligence services, hinting at sanctionable supply-chain roles.
- Costin warns that lumping multiple companies under one APT umbrella widens the attribution bucket and complicates response.
Building A Decades-Long Malware Archive
- Costin built a personal archive of malware samples dating back to the 1990s across CDs, DVDs and drives to enable retro-hunts.
- He says long-term historical collections let you train models and pivot across decades of activity.
