The CyberWire Daily Podcast 6.29.23
Ep 1854 | 6.29.23

Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.

Show Notes

8base ransomware is overlooked and spiking. GuLoader targets law firms. Akira ransomware for Linux systems targets VMs. Kaspersky tracks the Lazarus group: typos and mistakes indicating an active human operator. Charming Kitten goes spearphishing. Securing continuous integration/continuous delivery operations. No emojis for the SEC, please.Unconfirmed reports say the Wagner Group hacked a Russian satellite communications provider. Our guest is Hanan Hibshi from Carnegie Mellon's picoCTF team. Chris Novak from Verizon discusses their 2023 Data Breach Investigations Report (DBIR). And Anonymous Sudan wants you to know that they’re not just a bunch of deniable Russian crooks–where’s the love, man?

Selected reading.

8Base Ransomware: A Heavy Hitting Player (VMware Security Blog) 

GuLoader Campaign Targets Law Firms in the US (Morphisec) 

Akira Ransomware Extends Reach to Linux Platform (Cyble) 

Andariel’s Mistakes Uncover New Malware in Lazarus Group Campaign (Infosecurity Magazine)

Charming Kitten Updates POWERSTAR with an InterPlanetary Twist (Volexity)

CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA)

NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments (National Security Agency/Central Security Service)

Wall Street Regulators’ New Target: Emojis (Wall Street Journal) 

Russian satellite telecom Dozor allegedly hit by hackers (Cybernews)

Hacking Group Says It Attacked Microsoft for Sudan. Experts Say Russia’s Behind It (Bloomberg) 

‘Hactivists’ who targeted Microsoft claim they’re working for Sudan (Fortune)