The CyberWire Daily Podcast 12.20.22
Ep 1727 | 12.20.22

Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.

Show Notes

SentinelSneak is out in the wild. XLLs for malware delivery. CERT-UA warns of attacks against the DELTA situational awareness system. FSB cyber operations against Ukraine. Trends in the cyber phases of Russia's hybrid war. Mr. Security Answer Person John Pescatore offers his sage wisdom. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks with Dr. Chenxi Wang from Rain Capital. And an unusually unpleasant sextortion campaign.

Selected reading.

SentinelSneak is not a legitimate SDK. (CyberWire)

SentinelSneak: Malicious PyPI module poses as security software development kit (ReversingLabs)

Malicious Python Trojan Impersonates SentinelOne Security Client (Dark Reading)

Malicious ‘SentinelOne’ PyPI package steals data from developers (BleepingComputer)

Cisco research on XLL Abuse. (CyberWire)

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins (Cisco Talos Blog)

Ukraine at D+299: Cyber operations 300 days into the war. (CyberWire)

Cyber Dimensions of the Armed Conflict in Ukraine (CyberPeace Institute)

Ukraine's DELTA military system users targeted by info-stealing malware (BleepingComputer)

Ukraine's Delta Military Intel System Hit by Attacks (Infosecurity Magazine)

Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine (Unit 42)

FBI and Partners Issue National Public Safety Alert on Financial Sextortion Schemes (Federal Bureau of Investigation)

HSI, federal partners issue national public safety alert on sextortion schemes (US Immigration and Customs Enforcement)