The CyberWire Daily Podcast 6.15.23
Ep 1845 | 6.15.23

Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.

Show Notes

A Chinese threat actor exploits a Barracuda vulnerability. The upgraded version of the Android GravityRAT can exfiltrate WhatsApp messages. Cybercriminals pose as security researchers to propagate malware. Updates on the Vidar threat operation. A new Romanian hacking group has emerged. Shuckworm collects intelligence, and may support targeting. The Washington Post’s Tim Starks explains the Section 702 debate. Our guest is Rotem Iram from At-Bay with insights on email security. And Russia's Cadet Blizzard.

Selected reading.

Android GravityRAT goes after WhatsApp backups (ESET)

Quarterly Adversarial Threat Report (Facebook)

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China (Mandiant)

GravityRAT - The Two-Year Evolution Of An APT Targeting India (Cisco Talos)

Fake Security Researcher GitHub Repositories Deliver Malicious Implant (VulnCheck)

Darth Vidar: The Aesir Strike Back (Team Cymru)

Tracking Diicot: an emerging Romanian threat actor (Cado Security)

Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec)

Cadet Blizzard emerges as a novel and distinct Russian threat actor (Microsoft)

Destructive malware targeting Ukrainian organizations (Microsoft)