The CyberWire Daily Podcast 6.21.23
Ep 1848 | 6.21.23

A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.

Show Notes

The Flea APT sets its sights on diplomatic targets. An update on the Cl0p gang’s exploitation of a MOVEit vulnerability. Unpatched TP-Link Archer routers are meeting their match in the Condi botnet. The Muddled Libra threat group compromises companies in a variety of industries. A look into passwordless authentication. Derek Manky of Fortinet describes the Global Threat Landscape. Rick Howard speaks with Rod Wallace from AWS about data lakes. And Fancy Bear noses its way into Ukrainian servers.

Selected reading.

Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries (Symantec)

Ke3chang (MITRE)

Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted (The Record)

PwC and EY impacted by MOVEit cyber attack (Cybersecurity Hub)

Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack (SecurityWeek)

MOVEit hack: Gang claims not to have BBC, BA and Boots data (BBC)

US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer)

Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389 (Fortinet)

CVE-2023-1389 Detail (NIST)

Download for Archer AX21 V3 (TP-Link)

Threat Group Assessment: Muddled Libra (Unit 42)

Axiad and ESG Survey: 82% of Respondents Indicate Passwordless Authentication is a Top Five Priority (PR Newswire)

APT28 group used three Roundcube exploits (CVE-2020-35730, CVE-2021-44026, CVE-2020-12641) during another espionage campaign (CERT-UA#6805) (CERT-UA)

BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities (The Record)

CVE-2020-35730 Detail (NIST)

CVE-2023-23397 Detail (NIST)