The CyberWire Daily Podcast 5.16.24
Ep 2069 | 5.16.24

FBI strikes against a cybercrime syndicate.


The FBI seizes BreachForums. NCSC rolls out a 'Share and Defend' initiative. The spammer becomes the scammer. Bitdefender is sounding the alarm. The city of Wichita gets a wake-up call. ESports gaming gets a level up in their security. In our Threat Vector segment, host David Moulton discusses the challenges and opportunities of AI adoption with guest Mike Spisak (spee-zack), the Managing Director of Proactive Security at Unit 42. And no one likes a cyber budgeting blunder.

Today is May 16th, 2024. And no, you did not hit play on the wrong podcast, I’m Maria Varmazis, host of the T-Minus Space Daily podcast sitting in for Dave Bittner. This is your CyberWire Intel Briefing.

FBI seizes BreachForums.

BleepingComputer reports that the US Federal Bureau of Investigation (FBI) seized the BreachForums website and Telegram channel. BreachForums is a notorious hacking forum used to leak and sell stolen data. The website displays everybody’s favorite boilerplate seizure notice, stating, "This website has been taken down by the FBI and DOJ with assistance from international partners. We are reviewing this site's backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us."

BreachForums was the successor of a string of hacking forums used by cybercriminals to buy, sell, and trade hacked data, tools, and services. The first of these sites was known as RaidForums. That initially launched in 2015 and became the largest site for distributing stolen data by ransomware and extortion groups.

BleepingComputer notes that data stolen from a Europol information-sharing portal was leaked on BreachForums last week.

NCSC rolls out 'Share and Defend' initiative.

The UK’s National Cyber Security Centre (NCSC) launched its "Share and Defend" system, offering ISPs access to malicious domain blocklists previously used for government networks. This initiative, which was announced at the CyberUK conference, aims to enhance national cyber defenses by blocking access to harmful content such as phishing sites. Participation is voluntary, BT and Jisc are already enrolled, and Vodafone and TalkTalk are also expected to join. The system seeks to raise cyber resilience without replacing individual vigilance.

No lunar landing here.

ESET researchers published a report on two newly uncovered backdoors, LunarWeb and LunarMail, used by the Russian-linked Turla APT group. They were used to compromise a European Ministry of Foreign Affairs and its diplomatic missions. LunarWeb communicates via HTTP(S) while LunarMail uses email, with both employing steganography to hide commands. Active since 2020, these tools use advanced techniques including trojanized software and Lua scripting. The attack methods suggest prior domain controller access, with spearphishing and misconfigured software abuse as the likely initial access points. The investigation highlights sophisticated cyber espionage targeting diplomatic entities. So, sorry space fans, while I’m the host of T-Minus Space Daily and my eyes may have lit up when I saw the headline, this actually has no lunar implications.

The spammer becomes the scammer.

ReliaQuest describes a major social engineering campaign that's distributing the Black Basta ransomware. The campaign uses mass email spam and voice phishing (vishing). Attackers overwhelm users with spam emails, then impersonate IT support to persuade victims to download remote access tools like Quick Assist or AnyDesk, gaining initial access to systems. They execute scripts to establish command-and-control connections, exfiltrate data, and move laterally within networks. ReliaQuest recommends blocking newly registered domains and setting up application whitelisting.

Bitdefender sounds the alarm.

Bitdefender researchers identified four critical vulnerabilities in ThroughTek’s Kalay platform, exposing over 100 million IoT devices globally to potential attacks. These flaws allow attackers to gain root access, execute remote code, and obtain sensitive data. Devices affected include the Owlet Cam, Wyze Cam, and Roku Indoor Camera. Bitdefender reported the issues in October 2023, and ThroughTek released fixes by April 2024. Users are urged to update their devices to prevent exploitation.

Linux's uninvited guest.

ESET researchers discovered that the North Korean-linked Kimsuky APT group is deploying a new Linux backdoor named Gomir. This backdoor is structurally similar to the Windows-based GoBear malware and is used to target organizations in South Korea. Gomir has various capabilities, such as checking TCP connections, reporting machine configurations, and exfiltrating files. This malware is part of Kimsuky's broader strategy, which includes supply chain attacks using Trojanized software installers to infiltrate targets.

The city of Wichita gets a wake-up call.

The city of Wichita is warning residents about a recent breach we reported on that revealed the chilling truth that no organization is immune to cyber threats. Hackers exploited a known vulnerability, breaching city networks and plundering law enforcement data, including sensitive personal information. As city officials scramble to contain the damage, services grind to a halt, with police resorting to paper records and offices reverting to cash transactions. But Wichita is just one casualty in a nationwide onslaught. St. Helena, Macon-Bibb County, and countless others have fallen prey to similar attacks, leaving governments scrambling to restore functionality and safeguard citizen data. The notice from Wichita officials didn't specify the vulnerability or the number of affected people and are unsure when systems will be restored.

ESports gaming gets a level up in security.

Cisco and Riot Games expanded their global partnership for League of Legends eSports. Cisco will now serve as the official security partner. This collaboration will integrate Cisco's security and digital experience solutions to enhance the gaming experience for players and fans. The partnership, ongoing since 2020, aims to improve cybersecurity, prevent outages, and ensure seamless digital experiences. No bets on if it will decrease angry in-game allegations of “hacks!,” or if n00bs just need to get gud.

Coming up after the break, we will share our Threat Vector segment with host David Moulton and guest Mike Spisak talking about AI. We’ll be right back.

Our Threat Vector segment features host David Moulton, Director of Thought Leadership at Unit 42, discussing the challenges and opportunities of AI adoption with his guest Mike Spisak. 

Welcome back. You can find links to the latest episode of Threat Vector in our show notes. Check out your favorite podcast app to follow Threat Vector every other Thursday to get the latest in the world of cyberthreats. 

No one likes a cyber budgeting blunder.

Nigeria's attempt to fund cybersecurity through a levy on electronic transactions was swiftly halted due to public outcry amid an economic crisis. Amidst this backdrop, the proposed cybersecurity tax aimed to fortify defenses against cyber threats, a pressing concern given Nigeria's history as a cybercrime hotspot. The rollback of the levy raises concerns about the potential surge in cyber threats. Deloitte's Cybersecurity Outlook warns of heightened risks, including insider-supported attacks driven by economic desperation. The forecast of increased ransomware attacks underscores the urgency of robust cybersecurity measures, especially for vulnerable sectors like government assets. What's the moral of this cyber tale? Proactivity pays off! As Nigeria grapples with vulnerabilities, it's a wake-up call for the cyber community on beefing up defenses. Plus, let's not forget the importance of transparency and smart spending—no one likes a cyber budgeting blunder!


For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.