The CyberWire Daily Podcast 2.17.23
Ep 1763 | 2.17.23

FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.

Show Notes

The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events. Our guests are Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. And CISA releases fifteen ICS advisories.

Selected reading.

Exclusive: FBI says it has 'contained' cyber incident on bureau's computer network (CNN)

Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor (Symantec, by Broadcom Software)

ProxyShellMiner Campaign Creating Dangerous Backdoors (Morphisec) 

Attacks with novel Havoc post-exploitation framework identified (SC Media)

Atlassian says recent data leak stems from third-party vendor hack (BleepingComputer) 

German airport websites down in possible hacker attack (Deutsche Welle) 

The Cyber Defense Assistance Imperative – Lessons from Ukraine (Aspen Institute)

U.S. launches 'disruptive technology' strike force to target national security threats (Reuters)

Justice Department to Increase Scrutiny of Technology Exports, Investments (Wall Street Journal)

ICS-CERT Advisories (CISA)