The CyberWire Daily Podcast 5.15.23
Ep 1823 | 5.15.23

Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.

Show Notes

Discord sees a third-party data breach. Black Basta conducts a ransomware attack against technology company ABB. Intrusion Truth returns to dox APT41. Anonymous Sudan looks like a Russian front operation. Attribution and motivation of "RedStinger" remain murky. CISA summarizes Russian cyber offensives. Remote code execution exploits Ruckus in the wild. Our guest is Dave Russell from Veeam with insights on data protection. Matt O'Neill from the US Secret Service on their efforts to thwart email compromise and romance scams. And espionage by way of YouTube comments.

Selected reading.

Discord discloses data breach after support agent got hacked (Bleeping Computer)

Discord suffered a data breach after third-party support agent was hacked (Security Affairs)

Multinational tech firm ABB hit by Black Basta ransomware attack (Bleeping Computer)

Breaking: ABB confirms cyberattack; work underway to restore operations (ET CISO)

Black Basta conducts ransomware attack against Swiss technology company ABB (The CyberWire)

They dox Chinese hackers. Now, they’re back. (Washington Post)

What’s Cracking at the Kerui Cracking Academy? (Intrusion Truth)

Posing as Islamists, Russian Hackers Take Aim at Sweden (Bloomberg)

Anonymous Sudan: Threat Intelligence Report (TrueSec)

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 (Malwarebytes)

Russian ‘Red Stealer’ cyberattacks target breakaway territories in Ukraine (Cybernews)

Russia Cyber Threat Overview and Advisories (CISA)

Known Exploited Vulnerabilities Catalog (CISA)

CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA)

CISA warns of critical Ruckus bug used to infect Wi-Fi access points (Bleeping Computer)

Security Bulletins (Ruckus)

ROK union leaders charged with spying for North Korea in ‘movie-like’ scheme (NK News)