

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Jul 7, 2022 • 32min
Chinese industrial espionage warning. Trickbot's privateering. Russian influence ops target NATO resolve. Cozy Bear sighting. Chinese APTs target Russia. NFT scams are pestering Ukraine.
The FBI and MI-5 warn of Chinese industrial espionage. Revelations of Trickbot's privateering role. Russian influence operations target France, Germany, Poland, and Turkey. Chinese APTs target Russian organizations in a cyberespionage effort. Robert M. Lee from Dragos on CISA expanding the Joint Cyber Defense Collaborative. Ben Yelin speaks with Matt Kent from Public Citizen about the American Innovation and Online Choice Act. And who would guess it, but NFT scams are pestering Ukraine.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/129
Selected reading.
Heads of FBI, MI5 Issue Joint Warning on Chinese Spying (Wall Street Journal)
FBI and MI5 leaders give unprecedented joint warning on Chinese spying (the Guardian)
FBI and MI5 bosses: China cheats and steals at massive scale (Register)
FBI director suggests China bracing for sanctions if it invades Taiwan (Washington Post)
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine (Security Intelligence)
Trickbot may be carrying water for Russia (Washington Post)
Russia Info Ops Home In on Perceived Weak Links (VOA)
Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs (SentinelOne)
Chinese hackers targeting Russian government, telecoms: report (The Record by Recorded Future)
Near-undetectable malware linked to Russia's Cozy Bear (Register)
Russia's Cozy Bear linked to nearly undetectable malware (Computing)
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors (Unit 42)
NFT scammers see an opportunity in Ukraine donations (The Record by Recorded Future)

Jul 6, 2022 • 3min
CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]
The FBI, CISA, and the Department of the Treasury are releasing this joint Cybersecurity Advisory to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health Sector organizations.
AA22-187A Alert, Technical Details, and Mitigations
Stairwell Threat Report: Maui Ransomware
North Korea Cyber Threat Overview and Advisories
Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments
National Conference of State Legislatures: Security Breach Notification Laws
Health Breach Notification Rule
Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches
StopRansomware.gov
CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Jul 6, 2022 • 30min
Quantum computing and security standards. Cyber war, and the persistence of cybercrime. DPRK ransomware versus healthcare. Cyber incidents and credit, in Shanghai and elsewhere.
Quantum computing and security standards. Notes on the cyber phases of a hybrid war, and how depressingly conventional cybercrime persists in wartime. Pyongyang operators are using Maui ransomware against healthcare targets. Malek Ben Salem from Accenture looks at the security risks of GPS. Our guest is Brian Kenyon of Island to discuss enterprise browser security. Shanghai's big data exposure.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/128
Selected reading.
NIST Announces First Four Quantum-Resistant Cryptographic Algorithms (NIST)
Winners of NIST's post-quantum cryptography competition announced (Computing)
NIST unveils four algorithms that will underpin new 'quantum-proof' cryptography standards (SC magazine)
NIST Identifies 4 Quantum-Resistant Encryption Algorithms (Nextgov.com)
Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats (CISA)
Quantum-resistant encryption recommended for standardization (Register)
Keeping Phones Running in Wartime Pushes Kyivstar to the Limit (Bloomberg)
The Ukraine war could provide a cyberwarfare manual for Chinese generals eyeing Taiwan (CyberScoop)
Ukrainian police takes down phishing gang behind payments scam (ZDNet)
Cyber Police of Ukraine arrested 9 men behind phishing attacks on Ukrainians attempting to capitalize on the ongoing conflict (Security Affairs)
North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (CISA)
Reports (Moody’s)
Clarion Housing ‘cyber incident’ affects thousands of tenants (Cambs Times)
In a big potential breach, a hacker offers to sell a Chinese police database. (New York Times)
Nearly one billion people in China had their personal data leaked, and it's been online for more than a year (CNN)
China data breach likely to fuel identity fraud, smishing attacks (ZDNet)
China Tries to Censor What Could Be Biggest Data Hack in History (Gizmodo)
Here are four big questions about the massive Shanghai police leak (Washington Post)
Shanghai Data Breach Exposes Dangers of China’s Trove (Bloomberg)

Jul 5, 2022 • 30min
Cyberattack hits Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Hacktivists, scammers, misconfigurations, and rogue insiders.
Cyberattack hits a Ukrainian energy provider. NCSC updates its guidance on preparing for a long-term Russian cyber campaign. Royal Army accounts are hijacked. A hacktivist group claims to have hit Iranian sites. A very very large database of PII is for sale on the dark web. Chase Snyder from ExtraHop has a look back at WannaCry, 5 years on. Ben Yelin examines the constitutionality of keyword search warrants. And a rogue employee makes off with bug reports.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/127
Selected reading.
Russian hackers allegedly target Ukraine's biggest private energy firm (CNN)
Proruskí hackeri opäť útočili. Ďalšia významná spoločnosť hlási, že čelila kybernetickým útokom (Vosveteit.sk)
Preparing for the long haul: the cyber threat from Russia (NCSC)
Official British Army Twitter and YouTube accounts hijacked by NFT scammers (Hot for Security)
British army confirms breach of its Twitter and YouTube accounts (the Guardian)
British Army hit by cyberattack as Twitter and YouTube accounts hacked (The Telegraph)
Iranians' Remote Access to Banking Services Cut Off Over 'Cyber Attacks' (IranWire)
(Video) Iranian regime’s Islamic Culture and Communications Organization targeted in massive cyber offensive (EIN News)
Hackers Claim Theft of Police Info in China’s Largest Data Leak (Bloomberg)
Hacker Selling Shanghai Police Database with Billions of Chinese Citizens Data (HackRead)
Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web (ZDNet)
Hacker claims to have stolen 1 bln records of Chinese citizens from police (Reuters)
HackerOne disclosed on HackerOne: June 2022 Incident Report (HackerOne)
HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains (The Hacker News)
Rogue HackerOne employee steals bug reports to sell on the side (BleepingComputer)

Jul 4, 2022 • 60min
Patrick Morley: Former Carbon Black CEO [Cyber CEOs Decoded]
In this episode, Marc and Patrick Morley, former CEO of Carbon Black, get nostalgic as they discuss Patrick's journey of coming up through the start up scene in the 90s—from working with VCs to taking companies public—and compare it to running cyber companies today. Along with the early career experience that helped form Patrick's leadership philosophy, he shares his experience of becoming CEO of Bit9, seeing the company through a breach, acquiring Carbon Black, bringing the company public and later getting acquired by VMware—this episode is filled to the brim.
You'll also learn about:
How to build criteria for joining a start up
Why cyber is the most mission-driven area of tech
What it's like to call 600 customers in 2 days after a breach and not lose a single one
Seven philosophies for running a cyber company

Jul 2, 2022 • 15min
Could REvil have a copycat? [Research Saturday]
Larry Cashdollar from Akamai joins Dave to discuss their research on a DDoS campaign claiming to be REvil. The research shares that Akamai's team was notified last week of an attack on one of their hospitality customers that they called "Layer 7" by a group claiming to be associated with REvil. In the research, they dive into the attack and compare it to other similar attacks that have been made by the group.
The research states "The attacks so far target a site by sending a wave of HTTP/2 GET requests with some cache-busting techniques to overwhelm the website." It also states that this is a smaller attack than they have seen by the group before, and notes that there seems to be more of a political agenda behind the attack, whereas in the past, REvil has been less political.
The research can be found here:
REvil Resurgence? Or a Copycat?

Jul 1, 2022 • 29min
Notes on cyber conflict. Lazarus Group blamed for the Harmony cryptocurrency heist. MedusaLocker warning. Observation of the C2C market. The Crypto Queen cracks the FBI’s Ten Most Wanted.
An update on the DDoS attack against Norway. NATO's resolutions on cyber security. North Korea seems to be behind the Harmony cryptocurrency heist. MedusaLocker warning. Microsoft sees improvements in a gang's technique. Google blocks underworld domains. The Israeli-Iranian conflict in cyberspace. Chris Novak from Verizon with his take on this year’s DBIR. Our guest is Jason Clark of Netskope on the dynamic challenges of a remote workforce. And now among the FBI’s Ten Most Wanted: one Crypto Queen.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/126
Selected reading.
Pro-Russian hackers launched a massive DDoS attack against Norway (Security Affairs)
NATO establishes program to coordinate rapid response to cyberattacks (POLITICO)
NATO to create cyber rapid response force, increase cyber defense aid to Ukraine (CyberScoop)
FACT SHEET: The 2022 NATO Summit in Madrid | The White House (The White House)
North Korean Lazarus hackers linked to Harmony bridge theft (TechCrunch)
North Korea Suspected of Plundering Crypto to Fund Weapons Programs (Wall Street Journal)
Crypto crash threatens North Korea's stolen funds as it ramps up weapons tests (Reuters)
CISA Alert AA22-181A – #StopRansomware: MedusaLocker. (CISA Cybersecurity Alerts with the CyberWire)
#StopRansomware: MedusaLocker (CISA)
Microsoft warning: This malware that targets Linux just got a big update (ZDNet)
Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers (The Hacker News)
Google blocked dozens of domains used by hack-for-hire groups (BleepingComputer)
Countering hack-for-hire groups (Google)
Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack (Times of Israel)
Proofpoint: Zionist covert operation? (PressTV)
Zionist intelligence company cyberattacked by Iraqi hackers (Mehr)
FBI Offers $100,000 Reward for Capture of Ten Most Wanted Fugitive ‘Cryptoqueen’ (FBI)

Jun 30, 2022 • 3min
CISA Alert AA22-181A – #StopRansomware: MedusaLocker. [CISA Cybersecurity Alerts]
CISA, the FBI, the Department of the Treasury, and the Financial Crimes Enforcement Network are releasing this alert to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol to access victims’ networks.
AA22-181A Alert, Technical Details, and Mitigations
Stop Ransomware
CISA Ransomware Guide
CISA No-cost Ransomware Services
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Jun 30, 2022 • 30min
Killnet hits Norwegian websites. Hacktivists tied to Russia's government. Looking ahead to new cyber phases of Russia's hybrid war. C2C market differentiation. Gennady Bukin, call your shoe store.
Killnet hits Norwegian websites. Hacktivists are tied to Russia's government. Amunet as a case study in C2C market differentiation. C2C commodification extends to script kiddies. Andrea Little Limbago from Interos examines borderless data. Rick Howard speaks with Cody Chamberlain from NetSPI on Breach Communication. Roscosmos publishes locations of Western defense facilities…and subsequently says it sustained a DDoS attack.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/125
Selected reading.
Pro-Russian hacker group says it attacked Norway (The Independent Barents Observer)
Cyberattack hits Norway, pro-Russian hacker group fingered (AP NEWS)
Norway blames "pro-Russian group" for cyber attack (Reuters)
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’ (Bloomberg)
Market Differentiation: Cybercriminal Forums’ Unusual Features Designed To Attract Users (Digital Shadows)
Minors Use Discord Servers to Earn Extra Pocket Money Through Spreading Malware (PR Newswire)
Russia publishes Pentagon coordinates, says Western satellites 'work for our enemy' (Reuters)
Russian Space Agency Targeted in Cyberattack (Wall Street Journal)
Cyberattack hits Russian space agency site after sharing NATO photos (Jerusalem Post)

Jun 29, 2022 • 29min
Article 5? It’s complicated. Influence ops for economic advantage. SOHO routers under attack. YTStealer described. RansomHouse hits AMD. A NetWalker affiliate cops a plea.
NATO's response to Killnet's cyberattacks on Lithuania. Influence operations in the interest of national market share. SOHO routers are under attack. YTStealer is out and active in the wild. RansomHouse hits AMD. CISA releases six ICS security advisories. The most dangerous software weaknesses. Betsy Carmelite from Booz Allen Hamilton takes a look back at Biden’s executive order on cyber. Our guest is Philippe Humeau of CrowdSec on taking a collaborative approach to security. And a guilty plea in the case of the NetWalker affiliate.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/124
Selected reading.
Could the Russian cyber attack on Lithuania draw a military response from NATO? (Sky News)
Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance (Mandiant)
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks (Lumen)
New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (Hacker News)
RansomHouse Extortion Group Claims AMD as Latest Victim (RestorePrivacy)
RansomHouse gang claims to have some stolen AMD data (Register)
CISA releases 6 Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency)
2022 CWE Top 25 Most Dangerous Software Weaknesses (CISA)
Netwalker ransomware affiliate agrees to plead guilty to hacking charges (The Record by Recorded Future)


