The CyberWire Daily Podcast 3.31.22
Ep 1547 | 3.31.22

Moscow poorly served by its intelligence services, say London and Washington. Cyber phases of the hybrid war. A new zero-day, and some resurgent criminal activity.

Show Notes

Russian cyber operators collect against domestic targets. More details on the Viasat hack. Ukrainian hacktivists say they can interfere with Russian geolocation. Spring4Shell is another remote-code-execution problem. The Remcos Trojan is seeing a resurgence. Malicious links distributed via Calendly. Johannes Ullrich from SANS on attack surface detection. Our guest is Fleming Shi from Barracuda on cybersecurity champions. Phishing with “emergency data requests.” Lapsus$ may be back from vacation.

Selected reading.

Vladimir Putin is being lied to by his advisers, says GCHQ (The Telegraph) 

U.S. intelligence suggests that Putin’s advisers misinformed him on Ukraine. (New York Times) 

White House: Intel shows Putin misled by advisers on Ukraine (AP NEWS) 

Russian troops sabotaging their own equipment and refusing orders in Ukraine, UK spy chief says (CNBC) 

Phishing campaign targets Russian govt dissidents with Cobalt Strike (BleepingComputer) 

KA-SAT Network cyber attack overview ( 

Tracking cyber activity in Eastern Europe (Google)

Ukrainian Hackers Take Aim at Russian Artillery, Navigation Signals (Defense One) 

Russian efforts in Ukraine have not yet spilled over into cyberattacks on US, says lawmaker (C4ISRNet)

New Spring Framework RCE Vulnerability Confirmed - What to do? (Sonatype) 

New Spring4Shell Zero-Day Vulnerability Confirmed: What it is and how to be prepared (Contrast Security)

Spring Core on JDK9+ is vulnerable to remote code execution (Praetorian) 

Spring4Shell: No need to panic, but mitigations are advised (Help Net Security) 

Remcos Trojan: Analyzing the Attack Chain (Morphisec) 

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests (Bloomberg) 

Fresh Phish: Phishers Schedule Victims on Calendar App (INKY) 

Lapsus$ claims Globant as its latest breach victim (TechCrunch)