The CyberWire Daily Podcast 3.21.22
Ep 1539 | 3.21.22

Hacktivism, protestware, and information operations in a hybrid war. Brazil-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.

Show Notes

The widely expected, intense Russian cyber campaign has yet to appear. "Protestware" as a dangerous turn in hacktivism. Information operations and the persistence of independent channels of news. Social media as an opsec problem. Lapsus$ may have hit Microsoft. A second Brazilian gang tries its hand at extortion. A snakey backdoor afflicts French organizations. AD Bryan Vorndran of the FBI Cyber Division on what the agency brings to the table in cyberspace. Rick Howard considers infrastructure as code. Emsisoft offers a free decryptor for Diavol ransomware.

Selected reading.

Volodymyr Zelensky tells Russia to seek ‘meaningful’ peace talks or face catastrophic losses (The Telegraph)

Cyber threats and the Ukraine conflict (Avast)

Cyber ‘cold war’ rages online but Russia holds back on massive digital attacks (Times of Israel) 

Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict (Security Affairs) 

Former CIA officer shows what a Russian cyberattack on the US would look like (Fox News) 

EU and US agencies warn that Russia could attack satellite communications networks (Security Affairs) 

Banks on alert for Russian reprisal cyberattacks on Swift (Ars Technica) 

Activists are targeting Russians with open-source “protestware” (MIT Technology Review) 

Cyber warfare gets real for satellite operators (SpaceNews)

More Conti ransomware source code leaked on Twitter out of revenge (BleepingComputer) 

Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (Vice) 

Anonymous has unleashed a successful cyberwar to undermine Putin's Ukraine invasion (Fortune) 

Some Russians are breaking through Putin’s digital iron curtain — leading to fights with friends and family (Washington Post) 

On Russia's VK, anti-war messages defy Vladimir Putin's Ukraine censors (Newsweek)

Why Russia’s anti-war movement matters (Atlantic Council) 

Telegram Thrives Amid Russia’s Media Crackdown (Wall Street Journal) 

British soldiers are ordered off WhatsApp amid fears that sensitive military details could be accessed by Russian hackers (Daily Mail)

Microsoft Investigating Claim of Breach by Extortion Gang (Vice) 

Hacking group that went after NVIDIA may have also attacked Microsoft (Windows Central) 

Microsoft Allegedly Breached by LAPSUS Group (Cyber Kendra) 

Lapsus$ gang sends a worrying message to would-be criminals (Register) 

TransUnion cyber attack – hackers demand R225 million ransom (Business Tech)

TransUnion Confirms Data Breach at South Africa Business (SecurityWeek) 

UPDATE | TransUnion believes breach of 54 million SA records unrelated to current hack (Fin24) 

Banks move to protect consumers in wake of TransUnion cyberattack (TechCentral) 

Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain (Proofpoint) 

Emsisoft releases free decryptor for the victims of the Diavol ransomware (Security Affairs)