CyberWire Daily

N2K Networks
Apr 30, 2022 • 21min

Attackers coming in from the Backdoor? [Research Saturday]

Vikram Thakur of the Symantec Threat Hunter team joins Dave Bittner to discuss their work on Daxin, a new piece of malware and the most advanced that researchers have seen from China-linked actors. Symantec said: "There is strong evidence to suggest the malware, Backdoor.Daxin, which allows the attacker to perform various communications and data-gathering operations on the infected computer, has been used as recently as November 2021 by attackers linked to China." They go on to explain how Daxin is used to target organizations and governments of strategic interest to China and how those agencies can protect themselves. Symantec also discusses how this is the most advanced piece of malware their researchers have seen.

The research can be found here: Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices
Apr 29, 2022 • 25min

Cyber phases of a hybrid war. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous claims. A Declaration for the Future of the Internet.

Russian and Ukrainian operators exchange cyberattacks. Wiper malware: contained, but a potentially resurgent threat. #OpRussia update. DDoS in Romania. Flash loan caper hits a DeFi platform. Coca-Cola investigates Stormous breach claims. CISA issues two new ICS advisories. Caleb Barlow on cleaning up the digital exhaust of your home. Our guests are Freddy Dezeure and George Webster on reporting cyber risk to boards. A Declaration for the Future of the Internet.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/83

Selected reading.
Russian missiles bombard Kyiv during UN chief’s visit (The Telegraph)
Zelenskiy urges ‘strong response’ after Russia strikes Kyiv during UN Ukraine visit (the Guardian)
Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector (Security Affairs)
Ongoing DDoS attacks from compromised sites hit Ukraine (Security Affairs)
Ukraine’s Digital Battle With Russia Isn’t Going as Expected (Wired)
CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine (CISA)
Government and researchers keep US attention on Russia's cyber activity in Ukraine (The Record by Recorded Future)
CISA Adds New Russian Malware to Cyber Advisory (Nextgov)
An Overview of the Increasing Wiper Malware Threat (Fortinet Blog)
Cyber Attacks Hit Romanian Government Websites (Balkan Insight)
More than $13 million stolen from DeFi platform Deus Finance (The Record by Recorded Future)
Coca-Cola Investigates Hacking Claim (Wall Street Journal)
Coca-Cola investigating data breach claims by Stormous group (Computing)
Has 'clown show' hacking gang Stormous really breached Coca-Cola? (Tech Monitor)
Delta Electronics DIAEnergie (CISA)
Johnson Controls Metasys (CISA)
A Declaration for the Future of the Internet (The White House)
FACT SHEET: United States and 60 Global Partners Launch Declaration for the Future of the Internet (The White House)
US joins 55 nations to set rules for internet, with eye on China and Russia (South China Morning Post)
China, India, Russia missing from future of internet pledge by US, EU, and 33 others (ZDNet)
US, partners launch plan for 'future' of internet, as China, Russia use 'dangerous' malign practices (Fox News)
U.S. joins 55 nations to set new global rules for the internet (Reuters)
Reporting Cyber Risk to Boards. Board Edition.
Reporting Cyber Risk to Boards. CISO Edition.
Apr 28, 2022 • 23min

Russia and Ukraine trade cyberattacks. Chinese intelligence services look at Russian targets. Five Eyes advise on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Name that mascot.

Microsoft summarizes the scale of Russian cyberattacks against Ukraine. Russian cyber capabilities should be neither overestimated nor underestimated. Russia has also come under cyberattack during its hybrid war. Chinese intelligence services are paying close attention to Russian targets. The Five Eyes advise us on “routinely exploited vulnerabilities.” Physical sabotage as cyberattack. Linda Gray-Martin and Britta Glade from RSA discuss what’s new at RSAC and cybersecurity trends. Marc van Zadelhoff of Devo talks about their new podcast Cyber CEOs Decoded coming to the CyberWire network. And, hey kids, name that mascot.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/82

Selected reading.
Special Report: Ukraine (Microsoft)
Russian Cyber Capabilities Have ‘Reached Their Full Potential,’ Ukrainian Official Says (Wall Street Journal)
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload (Nozomi Networks)
Russia Is Being Hacked at an Unprecedented Scale (Wired)
BRONZE PRESIDENT targets Russian speakers with updated PlugX - Blog (Secureworks)
CISA, FBI, NSA, and International Partners Warn Organizations of Top Routinely Exploited Vulnerabilities (National Security Agency/Central Security Service)
The Air Force is trusting the internet to name its ridiculous new cybersecurity mascot (Task & Purpose)
Apr 27, 2022 • 22min

Russian privateering continues. Stonefly is straight out of Pyongyang, and the Lazarus Group has never really left. Foggy Bottom seeks (Russian) snitches.

Heard on the Baltimore waterfront. Privateering against Western brands. An update on sanctions and counter sanctions. Stonefly, straight outta Pyongyang. Lazarus is also back (and not in the good way). Richard Hummel from NETSCOUT discusses their bi-annual Threat Intel Report. Jon DiMaggio from Analyst1 joins us to discuss his new book, “The Art of Cyberwarfare - An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime.” And the US Department of State has added six Russian GRU officers to its Rewards for Justice program.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/81

Selected reading.
Britain says Ukraine controls majority of its airspace (Reuters)
Latest strikes on Russia hint daring Ukraine is not intimidated by the Kremlin (The Telegraph)
West gearing up to help Ukraine for ‘long haul’, says US defence secretary (the Guardian)
U.S., allies promise to keep backing Ukraine in its war with Russia (Washington Post)
Russia-linked hackers claim to have breached Coca-Cola Company (CyberNews)
Stormous ransomware gang claims to have hacked Coca-Cola (Security Affairs)
Chinese drone-maker DJI quits Russia and Ukraine (Register)
Russia to Cut Gas to Poland and Bulgaria, Making Energy a Weapon (Bloomberg)
Russia cuts off gas to Poland, Bulgaria, stoking tensions with E.U. over Ukraine (Washington Post)
Why Russia’s Economy Is Holding On (Foreign Policy)
Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec)
A "Naver"-ending game of Lazarus APT (Zscaler)
U.S. offers $10 mln reward for information on Russian intelligence officers - State Dept (Reuters)
US offering $10 million for info on Russian military hackers accused of NotPetya attacks (The Record by Recorded Future)
Rewards for Justice – Reward Offer for Information on Russian Military Intelligence Officers Conducting Malicious Activity Against U.S. Critical Infrastructure (United States Department of State)
Apr 26, 2022 • 27min

Diplomacy and hybrid war. Heightened cyber tension as Quds Day approaches. Conti in Costa Rica. North Korean cyber operators target journalists. C2C notes. A guilty plea in a cyberstalking case.

Heightened cyber tension as Quds Day approaches. Costa Rican electrical utility suffers from Conti ransomware. Emotet’s operators seem to be exploring new possibilities. North Korean cyber operators target journalists who cover the DPRK. A guilty plea in a strange case of corporate-connected cyberstalking. Ben Yelin ponders the potential Twitter takeover. Mr. Security Answer Person John Pescatore addresses questions about vendors. And cybercrime, run like a business.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/80

Selected reading.
Russia’s invasion of Ukraine: List of key events from day 62 (Al Jazeera)
Ukraine takes war behind enemy lines as Russian fuel depots set ablaze (The Telegraph)
Russia pounds eastern Ukraine as West promises Kyiv new arms (AP NEWS)
Finland, Sweden to begin NATO application in May, say local media reports (Reuters)
‘Thanks, Putin’: Finnish and Swedish Lawmakers Aim for NATO Membership (Foreign Policy)
World War Three now a 'real' danger, Russian foreign minister Sergei Lavrov warns (The Telegraph)
Moscow cites risk of nuclear war as U.S., allies pledge heavier arms for Ukraine (Reuters)
Russia Warns of Nuclear War Risk as Ukraine Talks Go On (Bloomberg)
From Jordan to Japan: US invites 14 non-NATO nations to Ukraine defense summit (Breaking Defense)
State TV says Iran foiled cyberattacks on public services (AP NEWS)
State TV Says Iran Foiled Cyberattacks on Public Services (SecurityWeek)
Iranian hackers claim they’ve hit the Bank of Israel - but ‘no proof,’ cyber authority says (Haaretz)
North Korean hackers targeting journalists with novel malware (BleepingComputer)
The ink-stained trail of GOLDBACKDOOR (Stairwell)
Conti ransomware cripples systems of electricity manager in Costa Rican town (The Record by Recorded Future)
Emotet Tests New Delivery Techniques (Proofpoint)
Ex-eBay exec pleads guilty to harassing couple whose newsletter raised ire (Reuters)
Mastermind of Natick couple’s harassment pleads guilty (Boston Globe)
Former eBay Executive Pleads Guilty to His Role in Cyberstalking Campaign (US Department of Justice)
Cyberkriminelle bieten Schadsoftware kostenlos an [Cybercriminals offer malware for free] (IT-Markt)
Apr 25, 2022 • 22min

Swapping small attacks in cyberspace. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. No farms, no future. Locked Shields wraps up.

Anonymous counts coup with their #OpRussia campaign. Alternative energy suppliers in Europe sustain cyberattacks. What Lapsus$ internal chatter reveals. Costa Rica won’t pay Conti’s ransom. Rick Howard hits the history books. Our guest is Paul Giorgi of XM Cyber with a look at multi-cloud hopping. Locked Shields wraps up.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/79

Selected reading.
Ukraine's Postal Service DDOS'd After Printing Moskova Stamps (Gizmodo)
Since declaring cyber war on Russia Anonymous leaked 5.8 TB of Russian data (Security Affairs)
European Wind-Energy Sector Hit in Wave of Hacks (Wall Street Journal)
Schneider Electric says no evidence that Incontroller/Pipedream malware exploits vulnerabilities (MarketScreener)
Aid groups helping Ukraine face both cyber and physical threats (CNN)
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code (KrebsOnSecurity)
Lapsus$ hackers breached T-Mobile’s systems and stole its source code (The Verge)
Lapsus$ hackers targeted T-Mobile (TechCrunch)
FBI Warns of Targeted Cyberattacks on Food Plants Amid Heightened Coverage of Fires (NTD)
Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons (IC3)
Cyberattack causes chaos in Costa Rica government systems (ABC News)
Finland wins NATO cyber defense competition (C4ISRNet)
Apr 24, 2022 • 8min

Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]

Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life led her to where she is today. She says: "you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another way to get to that target without having like a clear bullseye." She goes on to explain how this target map is helping her to create real change and ultimately make an impact. We thank Danielle for sharing her story.
Apr 23, 2022 • 36min

BABYSHARK is swimming again! [Research Saturday]

John Hammond from Huntress joins Dave Bittner on this episode to discuss malware known as BABYSHARK and how it is swimming out for blood once again. Huntress's research says: "This activity aligns with known tradecraft attributed to North Korean threat actors targeting national security think tanks." Huntress also adds that the activity was spotted on February 16th and immediately their ThreatOps team began following the trail of breadcrumbs. They said: "This led them to uncover the malware that was set to target specifically this organization–and certain influential individuals within it."

The research can be found here: Targeted APT Activity: BABYSHARK Is Out for Blood
Apr 22, 2022 • 29min

The cyber phases of Russia's war against Ukraine. Sanctions and the criminal underworld. Conti’s fortunes. More_eggs resurfaces. BlackCat ransomware warning.

A look at Russian malware used against Ukrainian targets. Actual and potential targets harden themselves against Russian cyberattacks. Sanctions and the criminal underworld. Conti’s fortunes. A credential stealer resurfaces in corporate networks. BlackCat ransomware warning. Tomer Bar from SafeBreach discusses MuddyWaters. Dr. Christopher Emdin previews his new book STEM, STEAM, Make, Dream. CISA releases three more ICS security advisories.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/78

Selected reading.
Russia outlines when Ukraine war will end (Newsweek)
Russia racing against clock to win Ukraine war before May 9 'Victory Day' (Newsweek)
A deeper look at the malware being used on Ukrainian targets (The Record by Recorded Future)
Ukraine ramps up cyber defences to slow surge in attacks (The Straits Times)
Five Eyes Alert Warns of Heightened Risk of Russian Cyber Attacks (Bloomberg)
Preparing for Energy Industry Cyberattacks (Wall Street Journal)
US sets dangerous precedents in cyberspace (Global Times)
Russia’s War in Ukraine Has Complicated the Means Through Which Cybercriminals Launder Funds. Here’s How They’re Adapting (Flashpoint)
U.S. Treasury Designates Facilitators of Russian Sanctions Evasion (U.S. Department of the Treasury)
Russia says nyet, sanctions Mark Zuckerberg, LinkedIn’s Roslansky, VP Harris and other US leaders (TechCrunch)
GOLD ULRICK continues Conti operations despite public disclosures (Secureworks)
Costa Rica's Alvarado says cyberattacks seek to destabilize country as government transitions (Reuters)
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire (eSentire)
BlackCat/ALPHV Ransomware Indicators of Compromise (IC3)
FBI: BlackCat ransomware breached at least 60 entities worldwide (BleepingComputer)
Delta Electronics ASDA-Soft (CISA)
Johnson Controls Metasys SCT Pro (CISA)
Hitachi Energy MicroSCADA Pro/X SYS600 (CISA)
Apr 21, 2022 • 21min

Renewed Five Eyes’ warning about potential Russian cyberattacks. FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business.

A renewed Five Eyes’ warning about potential Russian cyberattacks. The FBI warns of the threat of ransomware attacks against the agriculture sector. REvil may be back in business. Carole Theriault shares insights on bug bounty programs. Our own Rick Howard checks in with Zack Barack from Coralogix on where things stand with XDR. And beware of threats of Facebook account suspension.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/77

Selected reading.
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
US and allies warn of Russian hacking threat to critical infrastructure
REvil's TOR sites come alive to redirect to new ransomware operation
FBI Warns of Ransomware Attacks on Farming Co-ops During Planting, Harvest Seasons
Phishing Site on Facebook Domain Used to Steal Credentials