

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Episodes

Apr 4, 2023 • 29min
Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.
Did "appeasement" embolden Russia's cyber operators? Western Digital discloses a cyberattack. Rilide is a new strain of malware in active use. The Mantis cyberespionage group uses new, robust tools and tactics. The challenges of threat hunting. Joe Carrigan has thoughts on public school systems making cyber security part of the curriculum. Our guest May Mitchell of Open Systems addresses closing the talent gap. And when it comes to criminal enterprise, size matters.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/64
Selected reading.
Russia's shadow war: Vulkan files leak show how Putin's regime weaponises cyberspace (The Conversation)
Russia's Invasion of Ukraine Heralds New Era of Warfare (VOA)
West’s Cyber Appeasement Gave Putin Green Light: James Stavridis (Bloomberg Law)
Western Digital Provides Information on Network Security Incident (Business Wire)
Western Digital confirms breach, shuts down systems (Computing)
Western Digital discloses network breach, My Cloud service down (BleepingComputer)
WD says law enforcement probing breach of internal systems (Register)
Western Digital investigating MyCloud data breach affecting Mac desktop drives (Macworld)
Users fume after My Cloud network breach locks them out of their data (Ars Technica)
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities (Cisco Talos Blog)
Mantis: New Tooling Used in Attacks Against Palestinian Targets (Symantec)
Inside the Mind of a Threat Hunter: Team Cymru's Latest Report Sheds Light on Challenges Faced by Cybersecurity Analysts (Accesswire)
Wages Dominate Cybercrime Groups' Operating Expenses (PR Newswire)
Inside the Halls of a Cybercrime Business (Trend Micro)
Size Matters: Unraveling the Structure of Modern Cybercrime Organizations (Trend Micro)

Apr 3, 2023 • 31min
"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.
"Cylance" the ransomware (with no relation to Cylance, the security company). An update on the 3CX incident. The FSB's arrest of a Wall Street Journal reporter. Simone Petrella from N2K Networks unpacks 2023 cybersecurity training trends. Deepen Desai from Zscaler has the latest on cloud security. And hacktivists claim to have tricked wives of Russian combat pilots into revealing personal information.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/63
Selected reading.
"Cylance" ransomware (no relation to Cylance). (CyberWire Pro)
New Cylance Ransomware Targets Linux and Windows, Warn Researchers (HackRead)
New Cylance Ransomware strain emerges, experts speculate about its notorious members (IT PRO)
More evidence links 3CX supply-chain attack to North Korean hacking group (Record)
3CX supply chain attack: the unanswered questions (Computing)
3CX Desktop App Compromised (CVE-2023-29059) (Fortinet Blog)
Evan Gershkovich Loved Russia, the Country That Turned on Him (Wall Street Journal)
The Ukrainian hoax that revealed the Russian pilots who bombed Mariupol theatre (The Telegraph)
Ukrainian Hacktivists Trick Russian Military Wives for Personal Info (HackRead)

Apr 2, 2023 • 7min
Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]
Alon Jackson, chief executive and co-founder of Astrix Security, sits down to share the story of his rise to success. Before being on the vendor side of things, Jackson served in various strategic roles in the Cyber Security Division of the Israeli Military Intel Unit 8200 for more than 8 years, including leading the Cloud Security division and serving as the Head of the Cyber Security R&D Department. His experience in the military inspired him to learn more about the industry and jump to the private sector. Years later, he co-founded his company to help address security gaps seen in the industry. He mentions how being a startup CEO can be difficult sometimes, and how it may feel as though you're an octopus with all the multitasking that comes with the job. Alon says that one of his main goals as a contributor in this industry is making sure people remember him and his company for years to come, saying he wants to help by "building a company that people kind of know about, remember, and is important in the world." We thank Alon for sharing his story with us.

Apr 1, 2023 • 14min
Blackfly flies back again. [Research Saturday]
Dick O'Brien from Symantec’s Threat Hunter team discusses their research on "Blackfly - Espionage Group Targets Materials Technology." Researchers say the Blackfly espionage group (aka APT41) has been mounting attacks against Asian materials and composite organizations in attempts to steal intellectual property. One of the longest-known Chinese advanced persistent threat (APT) groups, it has been known since at least 2010. The research shares that "early attacks were distinguished by the use of the PlugX/Fast (Backdoor.Korplug), Winnti/Pasteboy (Backdoor.Winnti), and Shadowpad (Backdoor.Shadowpad) malware families."
The research can be found here: Blackfly: Espionage Group Targets Materials Technology

Mar 31, 2023 • 28min
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopApp supply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
The Vulkan papers offer a glimpse into Mr. Putin’s cyber war room. The 3CXDesktopApp vulnerability and supply chain risk. A cross site scripting flaw in Azure Service Fabric Explorer can lead to remote code execution. Rob Boyce from Accenture Security on threats to EV charging stations. Our guest is Steve Benton from Anomali Threat Research, sharing a ‘less is more’ approach to cybersecurity. And AlienFox targets misconfigured servers.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/62
Selected reading.
A Look Inside Putin's Secret Plans for Cyber-Warfare (Spiegel)
Secret trove offers rare look into Russian cyberwar ambitions (Washington Post)
7 takeaways from the Vulkan Files investigation (Washington Post)
‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics (the Guardian)
Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan (Mandiant)
3CX DesktopApp Security Alert - Mandiant Appointed to Investigate (3CX)
Information on Attacks Involving 3CX Desktop App (Trend Micro)
3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component (SecurityWeek)
There’s a new supply chain attack targeting customers of a phone system with 12 million users (TechCrunch)
Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) (Orca Security)
Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife (SentinelOne)

Mar 30, 2023 • 28min
A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly, some official hostage-taking.
The 3CXDesktopApp is under exploitation in a supply chain campaign. An open letter asks for a pause in advanced AI development. All your grammar and usage are belong us. Combosquatting might fool even the wary. Defender had flagged Zoom and other safe sites as dangerous. Recognizing the importance of OSINT. Matt O'Neill from US Secret Service discussing his agency’s cybersecurity mission. Our guest is Ping Li from Signifyd with a look at online fraud. And the FSB arrests a US journalist.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/61
Selected reading.
3CX DesktopApp Security Alert (3CX)
Supply Chain Attack Against 3CXDesktopApp (CISA)
Pause Giant AI Experiments: An Open Letter (Future of Life Institute)
In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT (WIRED)
AI chatbots making it harder to spot phishing emails, say experts (the Guardian)
The Most Common Combosquatting Keyword Is “Support” (Akamai)
False positives in Microsoft Defender. (CyberWire)
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe (Proofpoint)
ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine (WeLiveSecurity)
Russia Ramping Up Cyberattacks Against Ukraine (VOA)
A new age of spying gives Kyiv the upper hand (The Telegraph)
Russia arrests Wall Street Journal reporter on spying charge (AP NEWS)
Russia detains a Wall Street Journal reporter, accusing him of espionage. (New York Times)

Mar 29, 2023 • 24min
Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.
Traffers and the threat to credentials. A newly discovered WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Ann Johnson from Afternoon Cyber Tea chats with EY principal Adam Malone. Our guest is Toni Buhrke from Mimecast with a look at the State of Email Security. And is piracy patriotic?
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/60
Selected reading.
Traffers and the growing threat against credentials (Outpost24 blog)
WiFi protocol flaw allows attackers to hijack network traffic (BleepingComputer)
Cross-chain bridge attacks. (CyberWire)
2023 Annual State of Email Security Report (Cofense)
From Ukraine to the whole of Europe: cyber conflict reaches a turning point (Thales Group)
Russia Ramps Up Cyberattacks On Ukraine Allies: Analysts (Barron's)
Pro-Russian hackers shift focus from Ukraine to EU countries (Radio Sweden)
Russian hackers attack Slovak governmental websites after country supplies Mig-29s to Ukraine (Ukrainska Pravda)
Ukraine's Defense Ministry says Russia is encouraging online piracy (The Jerusalem Post)

Mar 28, 2023 • 24min
Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.
Twitter gets a subpoena for a source-code leaker’s information. The insider risk to data. Russian hacktivist auxiliaries target the French National Assembly. Recent trends in cyberattacks sustained by Ukraine. Ben Yelin unpacks the White House executive order on spyware. Mr. Security Answer Person John Pescatore ponders the permanence of ransomware. And cyberespionage and cybercrime in the interest of Pyongyang’s weapons programs.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/59
Selected reading.
GitHub Suspends Repository Containing Leaked Twitter Source Code (SecurityWeek)
Twitter takes down source code leaked online, hunts for downloaders (BleepingComputer)
Annual Data Exposure Report 2023 (Code 42)
Russian Hackers Target French National Assembly Website (Privacy Affairs)
Pro-Russian Hacktivists: A Reaction to a Western Response to a Russian Aggression (Radware Blog)
Ukraine at D+397: Cyberespionage and battlespace preparation. (CyberWire)
APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations (Mandiant)

Mar 27, 2023 • 30min
Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.
IcedID is evolving away from its banking malware roots. An Emotet phishing campaign spoofs IRS W9s. The FBI warns of BEC scams. A fake booter service as a law enforcement honeypot. Phishing in China's nuclear energy sector. Reports of an OpenAI and a ChatGPT data leak. Does Iran receive Russian support in cyberattacks against Albania? My conversation with Linda Gray Martin and Britta Glade from RSAC with a preview of this year's conference. Our own Rick Howard takes a field trip to the National Cryptologic Museum. And de-anonymizing Telegram.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/58
Selected reading.
Fork in the Ice: The New Era of IcedID (Proofpoint)
Emotet malware distributed as fake W-9 tax forms from the IRS (BleepingComputer)
Internet Crime Complaint Center (IC3) | Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors (IC3)
Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer)
'Bitter' espionage hackers target Chinese nuclear energy orgs (BleepingComputer)
UK Sets Up Fake DDoS-for-Hire Sites to Trap Hackers (PCMag Middle East)
UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data (Record)
OpenAI: ChatGPT payment data leak caused by open-source bug (BleepingComputer)
OpenAI says a bug leaked sensitive ChatGPT user data (Engadget)
March 20 ChatGPT outage: Here’s what happened (OpenAI)
How Albania Became a Target for Cyberattacks (Foreign Policy)
Russia’s Rostec allegedly can de-anonymize Telegram users (BleepingComputer)

Mar 27, 2023 • 24min
An introduction to the National Cryptologic Museum. [Special Edition]
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, sits down with Director of the National Cryptologic Museum, Dr. Vince Houghton. The National Cryptologic Museum is the NSA's affiliated museum sharing the nation's best cryptologic secrets with the public. In this special episode, Rick interviews Dr. Houghton from within the walls of the National Cryptologic Museum, discussing the new and improved museum along with the new exhibits they uncovered during the pandemic.


