The CyberWire Daily Podcast 4.13.23
Ep 1801 | 4.13.23

Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.

Show Notes

Transparent Tribe expands its activity against India's education sector. A Lazarus sub-group is after defense sector targets. The FBI's Denver office warns of potential juicejacking. Legion: a Python-based credential harvester. The source of leaked US intelligence may be closer to identification. Johannes Ullrich from SANS explains Upwork scams. Our guest is Charlie "Tuna" Moore of Vanderbilt University on the cyber lessons from Russia’s war on Ukraine. Canada responds to claims of Russian cyberattacks.

Selected reading.

Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector (SentinelOne)

Following the Lazarus group by tracking DeathNote campaign (Securelist)

DPRK threat actors target 3CX and defense sector at large. (CyberWire)

FBI office warns against using public phone charging stations at airports or malls, citing malware risk (CBS News)

The FBI warns of juicejacking and other risks of public tech. (CyberWire)

Legion: an AWS Credential Harvester and SMTP Hijacker (Cado Security) 

The Legion credential harvester. (CyberWire)

Leaker of U.S. secret documents worked on military base, friend says (Washington Post)

U.S. may change how it monitors the web after missing leaked documents for weeks (NBC News)

Cyberattacks on Canada’s gas infrastructure left ‘no physical damage,’ Trudeau says (Global News)

Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool (CyberScoop)

US Warns Russia Getting Creative in Cyberspace (VOA)

APT Winter Vivern Resurfaces (Avertium)