The CyberWire Daily Podcast 8.14.23
Ep 1884 | 8.14.23

Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.

Show Notes

An African power generator has been targeted by ransomware. The APT31 group is believed to be responsible for attacks on industrial systems in Eastern Europe. There have been arrests related to the takedown of LolekHosted. Ukraine's SBU has alleged that Russia's GRU is using specialized malware to attack Starlink. Microsoft has decided not to extend licenses for its products in Russia. Rick Howard opens his toolbox on DDoS. In our Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House release of its cybersecurity workforce and education strategy. And the Cyber Safety Review Board will be investigating cases of cyberespionage against Exchange.

Watch the full video of Simone and Camille here: Solution Spotlight: Simone Petrella and Camille Stewart Gloster

Selected reading.

DroxiDat-Cobalt Strike Duo Targets Power Generator Network (Infosecurity Magazine)

New SystemBC Malware Variant Targets Southern African Power Company (The Hacker News)

Power Generator in South Africa hit with DroxiDat and Cobalt Strike (Security Affairs) 

Southern African power generator targeted with DroxiDat malware (Record) 

Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky ICS CERT)

APT31 Linked to Recent Industrial Attacks in Eastern Europe (Infosecurity Magazine) 

Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (The Hacker News) 

LOLEKHosted admin arrested for aiding Netwalker ransomware gang (BleepingComputer)

Russian spy agencies targeting Starlink with custom malware, Ukraine warns (The Telegraph)

Russia Bans iPhones And iPads For Official Use: Report (BW Businessworld)

Microsoft Suspends Extending Licenses For Companies in Russia (RadioFreeEurope/RadioLiberty) 

Department of Homeland Security’s Cyber Safety Review Board to Conduct Review on Cloud Security (US Department of Homeland Security)

Microsoft Exchange hack is focus of cyber board’s next review (Record) 

Microsoft is under scrutiny after a recent attack by suspected Chinese hackers (Windows Central) 

The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts (Security Affairs)

Microsoft's role in data breach by Chinese hackers to be part of US cyber inquiry (Firstpost)