The CyberWire Daily Podcast 5.4.23
Ep 1816 | 5.4.23

Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.

Show Notes

An APT41 subgroup uses new techniques to bypass security products. Iranian cyberespionage group MuddyWater is using Managed Service Provider tools. Wipers reappear in Ukrainian networks. Meta observes and disrupts the new NodeStealer malware campaign. The City of Dallas is moderately affected by a ransomware attack. My conversation with Karin Voodla, part of the US State Department’s Cyber fellowship program. Lesley Carhart from Dragos shares Real World Stories of Incident Response and Threat Intelligence. And there’s been an indictment and a takedown in a major dark web carder case.

Selected reading.

Attack on Security Titans: Earth Longzhi Returns With New Tricks (Trend Micro)

APT groups muddying the waters for MSPs (ESET)

Russian hackers use WinRAR to wipe Ukraine state agency’s data (BleepingComputer)

WinRAR as a "cyberweapon". Destructive cyberattack UAC-0165 (probably Sandworm) on the public sector of Ukraine using RoarBat (CERT-UA#6550) (CERT-UA)

The malware threat landscape: NodeStealer, DuckTail, and more (Engineering at Meta)

Facebook disrupts new NodeStealer information-stealing malware (BleepingComputer)

NodeStealer Malware Targets Gmail, Outlook, Facebook Credentials (Decipher)

City of Dallas likely targeted in ransomware attack, city official says (Dallas News)

Cybercriminal Network Fueling the Global Stolen Credit Card Trade is Dismantled (US Department of Justice)

Secret Service, State Department Offer Up To $10 Million Dollar Reward For Information On Wanted International Fugitive (US Secret Service)

Police dismantles Try2Check credit card verifier used by dark web markets (BleepingComputer)