The CyberWire Daily Podcast 9.25.23
Ep 1913 | 9.25.23

Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security. Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.

Show Notes

The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uighur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found in Meduza devices. There’s a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of DigiCert, describes digital trust for the software supply chain. Our guest is Arctic Wolf’s Ian McShane with insights on the MGM and Caesars ransomware incident. And if you’re looking for a Super Bowl pick, go with an egg-laying animal…and, oh, the NFL and CISA are noodling cyber defense for the big game.

Selected reading.

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (Unit 42)

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (IBM X-Force Exchange)

Evasive Gelsemium hackers spotted in attack against Asian govt (BleepingComputer)

Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government (Unit 42)

EvilBamboo Targets Mobile Devices in Multi-year Campaign (Volexity) 

From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (The Hacker News)

Stealth Falcon preying over Middle Eastern skies with Deadglyph (We Live Security)

Deadglyph: Covertly preying over Middle Eastern skies (LABScon) 

New stealthy and modular Deadglyph malware used in govt attacks (BleepingComputer) 

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (The Hacker News) 

0-days exploited by commercial surveillance vendor in Egypt (Google)

PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions (The Citizen Lab) 

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware (The Hacker News) 

Egyptian presidential hopeful targeted by Predator spyware (Washington Post)

Russian news outlet in Latvia believes European state behind phone hack (the Guardian) 

Exclusive: Russian hackers seek war crimes evidence, Ukraine cyber chief says (Reuters)

Russian hackers trying to steal evidence of Moscow’s war crimes in Ukraine - cyber chief (Ukrinform)

Large-scale cyberattack reported in occupied Crimea (The Kyiv Independent) 

NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII (Dark Reading)