The CyberWire Daily Podcast 5.26.23
Ep 1832 | 5.26.23

CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.

Show Notes

CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China’s battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion malware has been upgraded for the cloud. Johannes Ullrich from SANS examines time gaps in logging. Our guest is Kevin Kirkwood from LogRhythm with a look at extortion attempts and ransomware. And Atlantic hurricane season officially opens next week: time to batten down those digital hatches. 

Selected reading.

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant)

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory)

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) 

China hits back at 'the empire of hacking' over Five Eyes US cyber attack claims (ABC)

Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker (Cado)

Legion Malware Upgraded to Target SSH Servers and AWS Credentials (Hacker News)

CISA Warns of Hurricane/Typhoon-Related Scams (Cybersecurity and Infrastructure Security Agency CISA)