The CyberWire Daily Podcast 6.20.23
Ep 1847 | 6.20.23

Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.

Show Notes

The BlackCat gang crosses Reddit’s path, threatening to leak stolen data. Mystic Stealer malware evades and creates a feedback loop in the C2C market. RDStealer is a new cyberespionage tool, seen in the wild. The United States offers a reward for information on the Cl0p ransomware gang. KillNet, REvil, and Anonymous Sudan form a “DARKNET Parliament” and “sanction” the European banking system. The British Government commits £25 million in cybersecurity aid to Ukraine. Ben Yelin explains cyber disclosure rules proposed by the SEC. Rick Howard speaks with Nancy Wang of AWS about the importance of backups and restores. And what researchers are turning up in cloud honeypots.

Selected reading.

Reddit: Hackers demand $4.5 million and API policy changes (Computing)

Mystic Stealer – Evolving “stealth” Malware (Cyfirma)

Mystic Stealer: The New Kid on the Block (Zscaler)

Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads (Bitdefender)

MOVEit Transfer and MOVEit Cloud Vulnerability (Progress Software)

CVE-2023-35708 Detail (NIST)

U.S. Energy Dept gets two ransom notices as MOVEit hack claims more victims (Reuters)

US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer)

Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks (SecurityWeek)

A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations (CyberCX)

Anonymous Sudan: Religious Hacktivists or Russian Front Group? (Trustwave)

UK to give Ukraine major boost to mount counteroffensive (UK Government)

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes (Orca Security)