The CyberWire Daily Podcast 1.30.23
Ep 1749 | 1.30.23

Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?

Show Notes

Gootloader's evolution. Yandex source code leaked (and Yandex blames a rogue insider). New GRU wiper malware is active against Ukraine. Latvia reports cyberattacks by Gamaredon. Russia and the US trade accusations of malign cyber activity. A hacktivist auxiliary's social support system. Deepen Desai from Zscaler describes the Lilithbot malware. Rick Howard looks at chaotic simians. And wannabes can be a nuisance, too: LockBit impersonators are seen operating in northern Europe.

Selected reading.

Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations (Mandiant) 

Yandex denies hack, blames source code leak on former employee (BleepingComputer) 

Hackers use new SwiftSlicer wiper to destroy Windows domains (BleepingComputer) 

Sandworm APT targets Ukraine with new SwiftSlicer wiper (Security Affairs) 

Ukraine: Sandworm hackers hit news agency with 5 data wipers (BleepingComputer)

Ukraine Links Media Center Attack to Russian Intelligence (BankInfoSecurity) 

Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group (The Record from Recorded Future News) 

Russia knows US recruits hackers, trains Ukrainian IT-army — Deputy Foreign Minister (TASS)

Taking down the Hive ransomware gang. (CyberWire)

US puts a $10m bounty on Hive while Russia shuts down access (Register) 

Exploring Killnet’s Social Circles (Radware)

Copycat Criminals mimicking Lockbit gang in northern Europe (Security Affairs)