Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
A Chinese threat actor exploits a Barracuda vulnerability. The upgraded version of the Android GravityRAT can exfiltrate WhatsApp messages. Cybercriminals pose as security researchers to propagate malware. Updates on the Vidar threat operation. A new Romanian hacking group has emerged. Shuckworm collects intelligence, and may support targeting. The Washington Post’s Tim Starks explains the Section 702 debate. Our guest is Rotem Iram from At-Bay with insights on email security. And Russia's Cadet Blizzard.
Selected reading.
Android GravityRAT goes after WhatsApp backups (ESET)
Quarterly Adversarial Threat Report (Facebook)
GravityRAT - The Two-Year Evolution Of An APT Targeting India (Cisco Talos)
Fake Security Researcher GitHub Repositories Deliver Malicious Implant (VulnCheck)
Darth Vidar: The Aesir Strike Back (Team Cymru)
Tracking Diicot: an emerging Romanian threat actor (Cado Security)
Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec)
Cadet Blizzard emerges as a novel and distinct Russian threat actor (Microsoft)
Destructive malware targeting Ukrainian organizations (Microsoft)