The CyberWire Daily Podcast 3.10.23
Ep 1777 | 3.10.23

Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.

Show Notes

New IceFire version is out. A DUCKTAIL tale. Social engineering by Tehran. DPRK's LIGHTSHOW cyberespionage. The President's Budget and cybersecurity. The US Department of Defense issues its cyber workforce strategy. Remcos surfaces in attacks against Ukrainian government agencies. DDoS at a Ukrainian radio station. Dave Bittner sits down with Beth Robinson of Bishop Fox to share their 2023 Offensive Security Resolutions. Caleb Barlow from Cylete on the security implications of gigapixel images. And CISA releases five ICS advisories.

Selected reading.

IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks (SentinelOne) 

DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection (Deep Instinct) 

Iran-linked hackers used fake Atlantic Council-affiliated persona to target human rights researchers (CyberScoop)

Iranian APT Targets Female Activists With Mahsa Amini Protest Lures (Dark Reading)

Iran threat group going after female activists, analyst warns (Cybernews) 

Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 (Mandiant) 

Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW (Mandiant)

Cybersecurity in the US President's Budget for Fiscal Year 2024. (CyberWire)

Biden’s budget proposal underscores cybersecurity priorities (Washington Post) 

Biden Budget Proposal: $200M for TMF, CISA With 4.9% Budget Boost (Meritalk)

Cybersecurity Poised for Spending Boost in Biden Budget (Gov Info Security)

Deputy Secretary of Defense Signs 2023-2027 DoD Cyber Workforce Strategy (U.S. Department of Defense)

In new cyber workforce strategy, DoD hopes 'bold' retention initiatives keep talent coming back (Breaking Defense)

Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks (Infosecurity Magazine)

February 2023’s Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government (Check Point Software)

Radio Halychyna cyber-attacked following appeal by Russian hacker group (International Press Institute)

CISA Releases Five Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency)