The CyberWire Daily Podcast 1.5.23
Ep 1733 | 1.5.23

PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.

Show Notes

The PurpleUrchin freejacking campaign. Bluebottle activity against banks in Francophone Africa. The PyTorch framework sustains a supply-chain attack. 2022's ransomware leaderboard. Cellphone traffic as a source of combat information.  FBI Cyber Division AD Bryan Vorndran on the interaction and collaboration of federal agencies in the cyber realm. Our guest Jerry Caponera from ThreatConnect wonders if we need more "Carrots" Than "Sticks" In Cybersecurity Regulation. And two incommensurable views of information security.

Selected reading.

An analysis of the PurpleUrchin campaign. (CyberWire)

PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources (Unit 42)

Bluebottle observed in the wild. (CyberWire)

Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa (Symantec)

PyTorch incident disclosed, assessed. (CyberWire)

PyTorch dependency poisoned with malicious code (Register)

Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022. (PyTorch)

Most active, impactful ransomware groups of 2022. (CyberWire)

2022 Year in Review: Ransomware (Trustwave)

Russia says phone use allowed Ukraine to target its troops (AP NEWS)

For Russian Troops, Cellphone Use Is a Persistent, Lethal Danger (New York Times)

Kremlin blames own soldiers for Himars barracks strike as official death toll rises (The Telegraph) 

No Water’s Edge: Russia’s Information War and Regime Security (Carnegie Endowment for International Peace)