The CyberWire Daily Podcast 2.6.23
Ep 1754 | 2.6.23

Unpatched VMware ESXi instances attacked. 0ktapus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.

Show Notes

New ransomware exploits a VMware ESXi vulnerability. Roasted 0ktapus squads up. LockBit says ION paid the ransom. Russian cyber auxiliaries continue attacks against healthcare organizations. Attribution on the Charlie Hebdo attack. Deepen Desai from Zscaler describes recent activity by Ducktail malware. Rick Howard looks at cyber threat intelligence. And the top US cyber diplomat says his Twitter account was hacked.

Selected reading.

Ransomware Gang in Trading Hack Says Ransom Was Paid (Bloomberg)

Regulators weigh in on ION attack as LockBit takes credit (Register)

Russian hackers launch attack on City of London infrastructure (The Armchair Trader)

Ransomware attack on data firm ION could take days to fix -sources (Reuters)

Linux version of Royal Ransomware targets VMware ESXi servers (BleepingComputer)

Ransomware scum attack old VMWare ESXi vulnerability (Register)

Italy sounds alarm on large-scale computer hacking attack (Reuters)

Italy's TIM suffers internet connection problems (Reuters)

Italy sounds alarm on large-scale computer hacking attack (Jerusalem Post)

Italian National Cybersecurity Agency (ACN) warns of massive ransomware campaign targeting VMware ESXi servers (Security Affairs)

Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi (CERT-FR)

VMSA-2021-0002 (VMware)

CERT-FR warns of a new wave of ransomware attacks targeting VMware ESXi servers (Security Affairs)

‘0ktapus’ hackers are back and targeting tech and gaming companies, says leaked report (TechCrunch)

Customizable new DDoS service already appears to have fans among pro-Russia hacking groups (The Record from Recorded Future News)

Russian Hackers Take Down At Least 17 U.S. Health System Websites (MedCity News)

Tallahassee Memorial HealthCare, Florida, has taken IT systems offline after cyberattack (Security Affairs)

Iran responsible for Charlie Hebdo attacks - Microsoft On the Issues (Microsoft On the Issues)

Piratage de « Charlie Hebdo » : un groupe iranien à la manœuvre, selon Microsoft (Le Monde)

Iran behind hack of French magazine Charlie Hebdo, Microsoft says (Reuters)

Microsoft attributes Charlie Hebdo data leak to Iran-linked NEPTUNIUM APT (Security Affairs)

America's top cyber diplomat says his Twitter account was hacked (CNN)