The CyberWire Daily Podcast 8.22.23
Ep 1890 | 8.22.23

A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.

Show Notes

HiatusRAT shifts its targets. Ecuador's difficulties with voting are attributed to cyberattacks. Carderbee is an APT targeting Hong Kong. auDA (OOO-duh) turns out not to have been breached. Ukrainian hacktivists claim to dox a senior member of Russia's Duma. Russian influence operations take aim at NATO's July summit. Joe Carrigan describes attacks on LinkedIn accounts. Our guest is John Hernandez from Quest to discuss why he believes the MOVEit flaw is a wakeup call for CISOs. Security, not by obscurity, but by typo.

Selected reading.

HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack (The Hacker News) 

New HiatusRAT campaign targets Taiwan and U.S. military procurement system (Security Affairs)

HiatusRAT Returns after a Hiatus in a Fresh Wave of Attacks (Cyware Labs)

No rest for the wicked: HiatusRAT takes little time off in a return to action (Lumen)

Ecuador’s national election agency says cyberattacks caused absentee voting issues (Record)

Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong

Resolution of cyber incident (auDA) 

Ukrainian hackers claim to leak emails of Russian parliament deputy chief (Record) 

Summit Old, Summit New (Graphika)

Summit Old, Summit New: Russia-Linked Actors Leverage New and Old Tactics in Influence Operations Targeting Online Conversations About NATO Summit (Graphika)

The simple typo that stopped bank robbers from stealing $1 billion (LAD Bible)