The CyberWire Daily Podcast 5.25.23
Ep 1831 | 5.25.23

Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.

Show Notes

China's Volt Typhoon snoops into US infrastructure, with special attention paid to Guam. Iranian cybercriminals are seen conducting ops against Israeli targets. A new ransomware gang uses recycled ransomware. A persistent Brazilian campaign targets Portuguese financial institutions. A new botnet targets the gaming industry. Phishing attempts impersonate OpenAI. Pro-Russian geolocation graffiti. Andrea Little Limbago from Interos addresses the policy implications of ChatGPT. Our guest is Jon Check from Raytheon Intelligence & Space, on cybersecurity and workforce strategy for the space community. And KillNet says no to slacker hackers.

Selected reading.

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory)

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)

Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters)

Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations (Check Point)

Iran-linked hackers Agrius deploying new ransomware against Israeli orgs (The Record)

Iranian Hackers Set Sights On Israeli Shipping & Logistics Firms (Information Security Buzz)

Fata Morgana: Watering hole attack on shipping and logistics websites (ClearSky Security)

Iran suspect in cyberattack targeting Israeli shipping, financial firms (Al-Monitor)

Buhti: New Ransomware Operation Relies on Repurposed Payloads (Symantec)

Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII (SentinelOne)

The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile (Akamai)

Fresh Phish: ChatGPT Impersonation Fuels a Clever Phishing Scam (INKY)