The CyberWire Daily Podcast 12.12.22
Ep 1721 | 12.12.22

Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.

Show Notes

TrueBot found in Cl0p ransomware attacks. Royal ransomware targets the healthcare sector. Recent Iranian cyber activity. A night at the opera: an update on the cyberattack against the Metropolitan Opera. New Cloud Atlas activity reported. Europe looks to the cybersecurity of its power grid. Rob Boyce from Accenture describes dark web actors diversifying their toolsets. Rick Howard explains fractional CISOs. And international support for Ukrainian cyber defense continues, more extensive and increasingly overt.

Selected reading.

Breaking the silence - Recent Truebot activity (Cisco Talos Blog)

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm (The Hacker News) 

TrueBot infections were observed in Clop ransomware attacks (Security Affairs) 

Clop ransomware uses TrueBot malware for access to networks (BleepingComputer) 

Royal Ransomware (US Department of Health and Human Services)

US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals (The Record by Recorded Future) 

Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool (Dark Reading)

MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics (The Hacker News)

New MuddyWater Campaign Uses Legitimate Remote Administration Tools to Deploy Malware (Cyber Security News)

Shows will go on at Met Opera despite cyber-attack that crashed network (ABC7 New York)

Cyberattack disrupts Metropolitan Opera (SC Media)

Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine (Check Point Research)

APT Cloud Atlas: Unbroken Threat (Positive Technologies)

European Electricity Sector Lacks Cyber Experts as Ukraine War Raises Hacking Risks (Wall Street Journal)

How the US has helped counter destructive Russian cyberattacks amid Ukraine war (The Hill) 

The Australian company training Ukrainian veterans in cybersecurity (Australian Financial Review)

How Proton intends to thwart Russian cybercensorship with its VPN (HiTech Wiki) 

Cyber Lessons Learned from the War in Ukraine (YouTube) 

War in Ukraine Dominated Cybersecurity in 2022 (CNET)