The CyberWire Daily Podcast 9.22.22
Ep 1668 | 9.22.22

GRU operators masquerade as Ukrainian telecommunications providers. 2K Games Support compromised to spread malware. Developments in the cyber underworld.

Show Notes

GRU operators masquerade as Ukrainian telecommunications providers. Another video game maker is compromised to spread malware. Noberus may be a successor to Darkside and BlackMatter ransomware. Robert M. Lee from Dragos explains Crown Jewel analysis. Our guest is Nathan Hunstad from Code42 with thoughts on insider risk events. Threat actors have their insider threats, too.


Selected reading.

Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine (Recorded Future)

Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers (SecurityWeek)

Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine (WIRED)

CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. (CyberWire)

Iranian State Actors Conduct Cyber Operations Against the Government of Albania (CISA)

2K Games says hacked help desk targeted players with malware (BleepingComputer)

2K Games helpdesk hacked to spread malware to players (TechRadar)

Rockstar parent company hacked again as 2K Support sends users malware (Dexerto)

‘Grand Theft Auto VI’ leak is Rockstar’s nightmare, YouTubers’ dream (Washington Post)

Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics (Symantec) 

LockBit ransomware builder leaked online by “angry developer” (BleepingComputer)