The CyberWire Daily Podcast 2.9.23
Ep 1757 | 2.9.23

Cyberespionage, from war-floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.

Show Notes

War-floating. A phishing campaign pursues Ukrainian and Polish targets. Pakistan's navy is under cyberattack. A new criminal threat-actor uses screenshots for recon. ESXiArgs is widespread, but its effects are still being assessed. The UK and US issue joint sanctions against Russian ransomware operators. Robert M. Lee from Dragos addresses attacks on electrical substations. Our guest is Denny LeCompte from Portnox discussing IoT security segmentation strategies. And is LockBit next on law enforcement’s wanted list?

Selected reading.

Chinese Balloon Had Tools to Collect Communications Signals, U.S. Says (New York Times) 

UAC-0114 Campaign Targeting Ukrainian and Polish Gov Entities (The State Cyber Protection Centre of the State Service of Special Communication and Information Protection of Ukraine)

NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool (BlackBerry)

Screentime: Sometimes It Feels Like Somebody's Watching Me (Proofpoint)

Florida state court system, US, EU universities hit by ransomware outbreak (Reuters)

No evidence global ransomware hack was by state entity, Italy says (Reuters)

Ransomware campaign stirs worry despite uncertain impact (Washington Post)

VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attacks (VMware Security Blog)

CISA and FBI Release ESXiArgs Ransomware Recovery Guidance (CISA)

United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang (U.S. Department of the Treasury)

Ransomware criminals sanctioned in joint UK/US crackdown on international cyber crime (National Crime Agency)