Back in April the CyberWire began a partnership with Recorded Future on a new weekly podcast: Inside Threat Intelligence for Cyber Security. Our collaboration has resulted in thirteen weekly episodes so far, with many more on the way. The show kicked off with 001 (What Exactly Is Threat Intelligence?). Subsequent episodes have covered a range of stories and topics in the field. Here's a sampling of some of the more immediately topical ones you may wish to catch up with this week: 002 (Feeding Frenzy: The Inside Scoop on Threat Intelligence Feeds), 004 (Going Dark: Fact vs. Fiction on the Dark Web), 008 (Military Meets Commercial Threat Intelligence), 009 (From Russia With Lulz), 010 (Becoming an Analyst Part 1: Government), and most recently 013 (Be Vewy Vewy Quiet: We’re Hunting Threats). We appreciate all the great listener feedback we’ve already received, and if you're not following along already, we hope you'll give the new podcast a listen. Check it out on iTunes or use your favorite app today.
"BothanSpy" and "Gyrfalcon" released from Vault7. Petya decryptor won't help NotPetya victims, as recovery continues. US FBI, DHS warn of attempts on power plants. Twitter's anti-gag-order suit may proceed. WWE sustains a data breach.
WikiLeaks dumped its latest tranche of Vault7 documents yesterday. These purport to describe alleged CIA implants targeting Windows ("BothanSpy") and Linux ("Gyrfalcon") systems.
Petya's author released decryption keys for the ransomware's original form. That won't help victims of NotPetya, which is now understood to be a distinct bit of malware masquerading as Petya. It's generally agreed that NotPetya spread initially from a compromised software update for M.E. Doc tax accounting software (widely used in Ukraine). Bleeping Computer reports (sourcing Cisco and others) that M.E. Doc's vendor, Intellect Service, had been backdoored three times, and that it hadn't updated its servers since 2013.
Ukraine hasn't backed off from attributing the NotPetya campaign to Russia. The other damage the malware did around the world may have been simply collateral damage (or perhaps welcome gravy, from the attackers' point of view). Recovery proceeds, and affected companies are still seeking to get a handle on the extent of their financial hit. In some cases losses may prove material.
US authorities have warned that power plants, including at least one nuclear installation, may have been at risk of cyber intrusions, but so far no significant successful attacks have been noted.
A US Federal judge ruled that Twitter's suit opposing gag orders concerning surveillance requests may proceed: the Government failed to show that such gag orders averted a clear and present danger.
The professional wrestling impresarios at the WWE have disclosed a breach of customer data. About three million wrasslin' fans' personal data may have been exposed.
Today's issue includes events affecting Australia, Bangladesh, European Union, Germany, Iraq, Luxembourg, Pakistan, Poland, Russia, Singapore, Syria, Ukraine, United Kingdom, and United States.