The CyberWire Daily Podcast 1.27.23
Ep 1748 | 1.27.23

An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilities Catalog.

Show Notes

An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike’s Adam Meyers. If you say you’re going to unleash the Leopards, expect a noisy call from Killnet. Our guest is ExtraHop CISO Jeff Costlow talking about nation-state attackers in light of ongoing Russian military operations. CISA has released eight ICS advisories, and the agency has also added an entry to its Known Exploited Vulnerabilities Catalog.

Selected reading.

Cybercriminals stung as HIVE infrastructure shut down (Europol)

U.S. Department of Justice Disrupts Hive Ransomware Variant (U.S. Department of Justice)

Director Christopher Wray’s Remarks at Press Conference Announcing the Disruption of the Hive Ransomware Group (Federal Bureau of Investigation)

Taking down the Hive ransomware gang. (CyberWire)

US hacks back against Hive ransomware crew (BBC News)

Cyberattacks Target Websites of German Airports, Admin (SecurityWeek) 

Delta Electronics CNCSoft ScreenEditor (CISA) 

Econolite EOS (CISA) 

Snap One Wattbox WB-300-IP-3 (CISA) 

Sierra Wireless AirLink Router with ALEOS Software (CISA)

Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers (CISA) 

Rockwell Automation products using GoAhead Web Server (CISA)

Landis+Gyr E850 (CISA) 

Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA) 

CISA Has Added One Known Exploited Vulnerability to Catalog (CISA)