Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.
Gray-hat support for Iranian dissidents. Selling access wholesale in the C2C market. Novel malware’s discovered targeting VMware hypervisors. The Witchetty espionage group uses an updated toolkit. Deepen Desai from Zscaler has a Technical Analysis of Industrial Spy Ransomware. Ann Johnson of Afternoon Cyber Tea speaks with Michal Braverman-Blumenstyk, CTO for Microsoft Security, about Israel's cyber innovation. And Russian troops' phone call revelations.
Selected reading.
Hacker Groups take to Telegram, Signal and Darkweb to assist Protestors in Iran (Check Point Software)
Hackers Use Telegram and Signal to Assist Protestors in Iran (Infosecurity Magazine)
Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks (The Hacker News)
Hackers seek to help — and profit from — Iran protests (The Record by Recorded Future)
Ransomware and Wholesale Access Markets: A $10 investment can lead to millions in profit (Cybersixgill)
Selling access wholesale in the C2C market. (CyberWire)
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors (Mandiant)
Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors (Mandiant)
Steep#Maverick cyberespionage campaign. (CyberWire)
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East (Symantec)
Witchetty espionage group uses updated toolkit. (CyberWire)
‘Putin Is a Fool’: Intercepted Calls Reveal Russian Army in Disarray (New York Times)
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows (SecurityWeek)
Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC (ComputerWeekly)