The CyberWire Daily Podcast 9.29.22
Ep 1673 | 9.29.22

Hackers support Iranian dissidents. Notes on C2C markets. Cyberespionage campaigns. Intercepted mobile calls from Russian troops expose morale problems.

Show Notes

Gray-hat support for Iranian dissidents. Selling access wholesale in the C2C market. Novel malware is discovered targeting VMware hypervisors. The Witchetty espionage group uses an updated toolkit. Deepen Desai from Zscaler has a Technical Analysis of Industrial Spy Ransomware. Ann Johnson of Afternoon Cyber Tea speaks with Michal Braverman-Blumenstyk, CTO for Microsoft Security, about Israel's cyber innovation. And Russian troops' phone call revelations.

Selected reading.

Hacker Groups take to Telegram, Signal and Darkweb to assist Protestors in Iran (Check Point Software)

Hackers Use Telegram and Signal to Assist Protestors in Iran (Infosecurity Magazine)

Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks (The Hacker News)

Hackers seek to help — and profit from — Iran protests (The Record by Recorded Future)

Ransomware and Wholesale Access Markets: A $10 investment can lead to millions in profit (Cybersixgill)

Selling access wholesale in the C2C market. (CyberWire) 

Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors (Mandiant)

Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors (Mandiant) 

Mandiant has identified new malware that targets VMware ESXi, Linux vCenter servers, and Windows virtual machines. (CyberWire)

Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors (Securonix)

Steep#Maverick cyberespionage campaign. (CyberWire)

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East (Symantec)

Witchetty espionage group uses updated toolkit. (CyberWire)

‘Putin Is a Fool’: Intercepted Calls Reveal Russian Army in Disarray (New York Times) 

Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows (SecurityWeek)

Russian hackers' lack of success against Ukraine shows that strong cyber defences work, says cybersecurity chief (ZDNET)

Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC (ComputerWeekly)