The CyberWire Daily Podcast 5.24.23
Ep 1830 | 5.24.23

Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.

Show Notes

Kimsuky's tailored reconnaissance tools. GoldenJackal is an APT quietly active since 2019. Criminals target YouTube viewers with free cracked software. Rheinmetall’s data was posted to BlackBasta's extortion site. The "Cuba" gang claims credit for the attack on the Philadelphia Inquirer. CERT-UA identifies a probable Russian cyberespionage campaign. Ireland views cyber assistance to Ukraine as a contribution to collective security. Ann Johnson from Afternoon Cyber Tea speaks with Tyrance Billingsley about Black Tech. Our guest is Oz Alashe from CybSafe on raising VC money amidst a down economy. And KillNet's underperforming hacktivists.

Selected reading.

Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit (SentinelOne)

North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (The Hacker News)

Meet the GoldenJackal APT group. Don’t expect any howls (Kaspersky)

Follina — a Microsoft Office code execution vulnerability (DoublePulsar)

YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner (FortiGuard Labs)

Arms maker Rheinmetall confirms BlackBasta ransomware attack (Bleeping Computer)

Inquirer and forensics team investigating computer disruptions to publishing (Philadelphia Inquirer)

Cuba ransomware claims cyberattack on Philadelphia Inquirer (Bleeping Computer)

Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India (CERT-UA#6549) (CERT-UA)

Ukraine Identifies Central Asian Cyberespionage Campaign (BankInfoSecurity)

Ireland’s cyber security agency has been providing ‘non-lethal aid’ to Ukraine (Irish Times)