The CyberWire Daily Podcast 6.28.23
Ep 1853 | 6.28.23

Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.

Show Notes

JokerSpy afflicts Macs. ThirdEye (not so blind). Mockingjay process injection as proof-of-concept. Switzerland expects Russia to increase cyberespionage as agent networks are disrupted. The fracturing of Conti, and the rise of its successors. The Washington Post’s Tim Starks explains the security of undersea cables. Our guest is Brian Johnson of Armorblox to discuss Social Security Administration impersonation scams. And the "UserSec Collective" says it's recruiting hacktivists for the Russian cause.

Selected reading.

JokerSpy macOS malware used to attack Japanese crypto exchange (AppleInsider) 

Prominent cryptocurrency exchange infected with previously unseen Mac malware (Ars Technica)

New Fast-Developing ThirdEye Infostealer Pries Open System Information (Fortinet Blog)

Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution (Security Joes)

New Mockingjay Process Injection Technique Could Let Malware Evade Detection (The Hacker News)

New Mockingjay process injection technique evades EDR detection (BleepingComputer)

Ukraine war made Switzerland hub for Chinese, Russian spies: Swiss intelligence (South China Morning Post) 

Swiss intelligence warns of fallout in cyberspace as West clamps down on spies (Record) 

The rise and fall of the Conti ransomware group (Global Initiative) 

The Trickbot/Conti Crypters: Where Are They Now? (Security Intelligence)

Ukraine at D+489: An influence contest, post-mutiny. (CyberWire)