

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Apr 11, 2022 • 24min
Cyber skirmishing as Russia redeploys in Ukraine. Spyware in senior EC official’s device. Sharkbot-infested apps ejected from Google Play. Advice from CISA.
US National Security Advisor says atrocities were part of Russia's plan. Russian commanders seek to keep troops away from dangerous sections of the Internet. Cyberattacks in Finland may be a shot across Helsinki's bow. CERT-UA warns of a phishing campaign. Hacktivists hit Russian organizations. Mixed reviews for US preemptive measures against GRU botnets. Sharkbot-infested apps ejected from Google Play. Johannes Ullrich from SANS on malicious ISO files embedded in HTML. Our guest is Neal Dennis from Cyware on threat intel sharing with members of Auto-ISAC. What you should do when your Shields are Up.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/69
Selected reading.
Russia Shuffles Command in Ukraine as Thousands Flee the East (New York Times)
Sullivan: Intel indicates plan from ‘highest levels’ of Russian government to target civilians (The Hill)
Russian soldiers banned from social media as ‘uncomfortable truths’ drain their morale (The Telegraph)
West Seeks to Pierce Russia’s Digital Iron Curtain (Foreign Policy)
YouTube blocks Russian parliament channel, drawing ire from officials (Reuters)
U.S. quietly paying millions to send Starlink terminals to Ukraine, contrary to SpaceX claims (Washington Post)
Hackers use Conti's leaked ransomware to attack Russian companies (BleepingComputer)
State Service of Special Communications and Information Protection of Ukraine (GUR)
How Russia's Invasion Triggered a US Crackdown on Its Hackers (Wired)
The U.S. Opens a Risky New Front in Cyberdefense (Bloomberg)
Meet the 1,300 librarians racing to back up Ukraine’s digital archives (Washington Post)
The Race to Save Posts That May Prove Russian War Crimes (Wired)
Exclusive: Senior EU officials were targeted with Israeli spyware (Reuters)
SharkBot Android Malware Continues Popping Up on Google Play (SecurityWeek)
SharkBot Banking Trojan spreads through fake AV apps on Google Play (Security Affairs)
Sharing Cyber Event Information: Observe, Act, Report (CISA)
Learn more about your ad choices. Visit megaphone.fm/adchoices

Apr 10, 2022 • 10min
Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]
Chenxi Wang, founder and general partner of Rain Capital, shares her story and how she got over the obstacle of fear to reach her goals in life. "I realized a lot of times my obstacle is my own fear rather than a real obstacle," Wang states. She also shares her story of breaking glass ceilings as a female founder and working in the field of cybersecurity. She hopes to be remembered for being a kind person and for developing her own venture fund. As she shares the story of her path to the top, she describes what she does and how she got to be where she is today. We thank Chenxi for sharing her story.

Apr 9, 2022 • 21min
The secrets behind Docker. [Research Saturday]
Alon Zahavi from CyberArk joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published research on how Docker inadvertently created a new vulnerability and what happens when it's exploited. CyberArk's research concluded that an attacker may execute files with capabilities or setuid files in order to escalate privileges up to root level. CyberArk found the new vuln in some of Microsoft’s Docker images, caused by misuse of Linux capabilities, a powerful additional layer of security that gives admins the ability to assign capabilities and privileges to processes and files in the Linux system.
The research can be found here: How Docker Made Me More Capable and the Host Less Secure

Apr 8, 2022 • 23min
Disinformation in Russia’s war of aggression. Correlating overhead imagery and radio intercepts. Taking down state-sponsored cyber ops. Threats to power grids.
Russian disinformation in its war against Ukraine. Overhead imagery and electronic intercepts suggest that Russian atrocities are matters of policy and strategy. Microsoft disrupts GRU cyber operations. Facebook takes down Iranian coordinated inauthenticity. India’s Power Ministry says it stopped a Chinese cyberattack. Dave Dufour from Webroot on evolving attack mechanisms. Our guest is Dan Petro of Bishop Fox with a warning for document redaction. Grid security and the value of exercises.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/68
Selected reading.
Putin’s ‘probably given up’ on Kyiv as Ukraine war enters new phase (Defense News)
Ukraine says 39 killed in rocket strike on rail evacuation hub (Reuters)
Russian rocket attack on Kramatorsk train station kills dozens—Ukraine (Newsweek)
Possible Evidence of Russian Atrocities: German Intelligence Intercepts Radio Traffic Discussing the Murder of Civilians in Bucha (Der Spiegel)
Germany intercepts Russian talk of indiscriminate killings in Ukraine (Washington Post)
Microsoft says it disrupted Russian cyberattacks targeting Ukraine, West (The Hill)
Disrupting cyberattacks targeting Ukraine - Microsoft On the Issues (Microsoft On the Issues)
GridEx VI Lessons Learned Report (NERC)
Power Grid Stress Test Finds Low-Tech Needs for High-Tech Problems (Wall Street Journal)
Dire grid hacking scenario sparked “shields up” approach to Russian threat (Medium)

Apr 7, 2022 • 27min
Blocking and tackling in the cyber phases of Russia’s hybrid war against Ukraine. Info-harvesting SDK. Recon into a power grid. Hydra Market indictment. Catphishing. Advance fee scams with a new twist.
An update on US cyber defensive operations and the war in Ukraine. You can’t tell your oligarchs without a scorecard. Google ejects data-harvesting apps from Play. China preps the cyber battlespace against India’s power grid. More moves against Hydra Market. Bearded Barbie’s catphishing. Betsy Carmelite from BAH on a blueprint for achieving a secure and resilient dot gov. Our guest is Padraic O'Reilly from CyberSaint with a fresh look at ransomware. And your majesty, meet this here dissident, who also needs to move money for the best of reasons….
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/67
Selected reading.
Pentagon: Russia has fully withdrawn from Kyiv, Chernihiv (Washington Post)
Zelenskyy tells UN: Act now on Russia or dissolve yourself altogether (Atlantic Council)
DoJ takes down Russian botnet that targeted WatchGuard and Asus routers (ZDNet)
FBI Disables "Cyclops Blink" Botnet Controlled by Russian Intelligence Agency (SecurityWeek)
Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) (US Department of Justice)
Adversarial Threat Report (Meta)
Facebook cracks down on covert influence networks targeting Ukraine (Washington Post)
Russian-backed hackers broke into Facebook accounts of Ukrainian military officials (CBS News)
Britain slaps sanctions on Russia’s biggest bank (The Telegraph)
Russia hit with new round of U.S. sanctions as Biden decries 'major war crimes' (Reuters)
U.S. to Sanction Putin Children, Banks Over Bucha Atrocities (Bloomberg)
The Forbes Ultimate Guide To Russian Oligarchs (Forbes)
Suspected Chinese Hackers Collect Intelligence From India’s Grid (Bloomberg)
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group (Recorded Future)
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials (Cybereason)
Google Bans Apps With Hidden Data-Harvesting Software (Wall Street Journal)
The Nigerian Prince Scam, with a Russian Twist (Avanan)

Apr 6, 2022 • 25min
Fire and cyber in Ukraine. Stone Panda (Cicada, APT10) expands its interests. Bogus e-commerce sites harvest banking credentials. Advice and guidance from CISA
There’s a maneuver lull in Russia’s hybrid war against Ukraine, but fire and cyber ops continue. The US provides cyber assistance to Ukraine. The Cicada call of Stone Panda. Phony e-commerce sites seek to harvest banking credentials. CISA offers some advice and some guidance. Hydra Market sanctioned. Awais Rashid from Bristol University on anonymous communication systems. Our guest is Armaan Mahbod of DTEX Systems with a look at supermalicious insiders. And the most popular password is...
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/66
Selected reading.
Russian military ‘weeks’ from being ready for new push as war takes its toll (The Telegraph)
Russia's failure to take down Kyiv was a defeat for the ages (AP NEWS)
U.S. Cyber Command providing cyber expertise and intelligence in Ukraine's fight against Russia (FedScoop)
Cyber Command chief: U.S. has 'stepped up' to protect Ukraine's networks (The Record by Recorded Future)
How Ukraine has defended itself against cyberattacks – lessons for the US (FIU News)
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity (Symantec)
Fake e‑shops on the prowl for banking credentials using Android malware (WeLiveSecurity)
CISA adds Spring4Shell vulnerability, Apple zero-days to exploited catalog (The Record by Recorded Future)
LifePoint Informatics Patient Portal (CISA)
Rockwell Automation ISaGRAF (CISA)
Johnson Controls Metasys (CISA)
Philips Vue PACS (Update A) (CISA)
Treasury Sanctions Russia-Based Hydra, World’s Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex (U.S. Department of the Treasury)
Most Common Passwords 2022 - Is Yours on the List? (CyberNews)

Apr 5, 2022 • 22min
Disinformation at the UN. Phishing against Ukraine. Hydra Market taken down. Is someone carrying on for Lapsus$? Compromise at Mailchimp. FIN7 branches out into ransomware.
Disinformation at the UN. Russian cyber operations against Ukraine. Bravo, BKA: German police take down a major contraband market. Under arrest but still in business? At least someone’s carrying on for Lapsus$. Compromise at Mailchimp. Joe Carrigan describes JavaScript vulnerabilities. Carole Theriault with an eye on romance scams through the lens of Netflix's "The Tinder Swindler". And a well-known gang branches out.
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/65
Selected reading.
Live Updates: U.N. Security Council to Meet as Evidence of War Crimes Mounts (New York Times)
Elephant Framework Delivered in Phishing Attacks against Ukrainian Organizations (Intezer)
Germany takes down Hydra, world's largest darknet market (BleepingComputer)
LAPSUS$ hacks continue despite two hacker suspects in court (Naked Security)
FIN7 hackers evolve toolset, work with multiple ransomware gangs (BleepingComputer)
Notorious hacking group FIN7 adds ransomware to its repertoire (CyberScoop)
Hackers breach MailChimp's internal tools to target crypto customers (BleepingComputer)
Email marketing giant Mailchimp has confirmed a data breach (TechCrunch)

Apr 4, 2022 • 29min
Doxing, trolling, and censorship in a hybrid war. Borat RAT. State’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Wild youth. Hey spooks: brown bag it like the GRU.
Doxing, trolling, and censorship in a hybrid war. Western organizations remain on alert for a Russian cyber campaign. Known Russian threat actors continue operations against Ukraine proper. Borat RAT described. Welcome the US State Department’s Bureau of Cyberspace and Digital Policy. National Supply Chain Integrity Month. Your wild ways will break your mother’s heart. Rick Howard weighs in on Shields Up. Josh Ray from Accenture on ideological differences on underground forums. And fast food as an OPSEC issue (and an OSINT source).
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/64
Selected reading.
Ukraine intelligence leaks names of 620 alleged Russian FSB agents (Security Affairs)
Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church (Security Affairs)
Listen Now: Deputy national security adviser talks about the risk of Russia waging cyberwar (NPR One)
Inside Cyber Front Z, the ‘People’s Movement’ Spreading Russian Propaganda (Vice)
Ukraine Accuses Russia of Using WhatsApp Bot Farm to Ask Military to Surrender (Vice)
‘It’s like 1937’: Informants denounce anti-Ukraine war Russians (The Telegraph)
Cyber Espionage Actor Deploying Malware Using Excel (Bank Info Security)
New Borat remote access malware is no laughing matter (BleepingComputer)
Deep Dive Analysis – Borat RAT (Cyble)
Establishment of the Bureau of Cyberspace and Digital Policy (United States Department of State)
Supply Chain Integrity Month (CISA)
April is National Supply Chain Integrity Month.
As Russia Plots Its Next Move, an AI Listens to the Chatter (Wired)
Data leak from Russian delivery app shows dining habits of the secret police (The Verge)

Apr 3, 2022 • 29min
Living security: the current state of XDR. [CyberWire-X]
In this CyberWire-X episode, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores the state of XDR. Joining Rick on this episode are Ted Wagner, SAP National Security Services CISO and CyberWire Hash Table member, and from episode sponsor Trellix are Bryan Palma, the Trellix Chief Executive Officer, and John Fokker, the Trellix Head of Cyber Investigations. Listen as Rick and guests discuss XDR, SASE, SIEM, and SOAR.

Apr 3, 2022 • 6min
Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]
Michael DeBolt, chief intelligence officer at Intel 471, shares his story of starting out as an actor and quickly changing over to intelligence, and what the transition was like for him. Michael grew up wanting to be an actor and was even able to land some acting jobs; after going into the Marine Corps, he decided to leave acting behind and start a new path in his journey. He says looking for a purpose really helped to shape him, saying "looking back on it, I feel like my life purpose has really been all about kind of this relentless pursuit of justice," and describes how the risks in his life have helped to right the wrongs of the world. We thank Michael for sharing his story.


