The CyberWire Daily Podcast 6.2.22
Ep 1591 | 6.2.22

Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.

Show Notes

Russian government agencies are buying VPNs. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Carole Theriault has the latest on fraudsters imitating law enforcement. Kevin Magee from Microsoft on security incentives by way of insurance. And leak brokers and booters shut down.

Selected reading.

White House: cyber activity not against Russia policy (Reuters) 

Some see cyberwar in Ukraine. Others see just thwarted attacks. (Washington Post) 

ESET Threat Report details targeted attacks connected to the Russian invasion of Ukraine and how the war changed the threat landscape (ESET) 

Ukraine - 100 days of war in cyberspace (CyberPeace Institute) 

Russian VPN Spending (Top 10 VPN)

Karakurt Data Extortion Group (CISA)

US Agencies: Karakurt extortion group demanding up to $13 million in attacks (The Record by Recorded Future)

Clipminer Botnet Makes Operators at Least $1.7 Million (Symantec Enterprise Blog)

GootLoader Expands its Payloads Infecting a Law Firm with IcedID (eSentire) 

WeLeakInfo.to and Related Domain Names Seized (US Department of Justice)