The CyberWire Daily Podcast 9.1.23
Ep 1898 | 9.1.23

DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.

Show Notes

A VMConnect supply chain attack is connected to the DPRK. Reports of an allegedly "fully undetectable information stealer." DB#JAMMER brute-forces exposed MSSQL databases. A cyberattack on a Canadian utility. The state of DevSecOps. A look at hacktivism, today and beyond. Betsy Carmelite from Booz Allen on threat intelligence as part of a third-party risk management program. Our guest is Adam Marré from Arctic Wolf Networks, with an analysis of Chinese cyber tactics. And a free decryptor is released for Key Group ransomware.

Selected reading.

VMConnect supply chain attack continues, evidence points to North Korea (ReversingLabs) 

Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware (Securonix)

Montreal electricity organization latest victim in LockBit ransomware spree (Record)

LockBit ransomware gang targets electrical infrastructure organization in Montreal (teiss)

[Analyst Report] SANS 2023 DevSecOps Survey (Synopsys)

SANS 2023 DevSecOps Survey (Application Security Blog)

Government Agencies Report New Russian Malware Targets Ukrainian Military (National Security Agency/Central Security Service)

Russian military hackers take aim at Ukrainian soldiers' battle plans, US and allies say (CNN)

Ukraine: The First Cyber Lessons (AFCEA International)

The Return of Hacktivism: A Temporary Reprise or Here for Good? (ReliaQuest)

Decrypting Key Group Ransomware: Emerging Financially Motivated Cyber Crime Gang (EclecticIQ)