Risky Business

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:

• Ukraine foils Russian ICS hack
• US Government burns someone’s ICS toolkit
• China gets all up in India’s energy gridz
• The Heroku/Hithub/Travis CI story is very confusing
• US DOJ removes GRU malware from Watchguard boxes under Rule 41
• North Korea behind $540m crypto hack
• Much, much more

This week’s sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They’ll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator.

Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that’s your thing.

Show notes

• Ukraine foiled Russian cyberattack that tried to shut down energy grid
• (4) Catalin Cimpanu on Twitter: "Days later... anyone managed to confirm or debunk this?" / Twitter
• (4) Matthew Garrahan on Twitter: "Ukraine has since adapted a government app so that people can more easily upload information about Russian military positions https://t.co/oWRctXBTxU" / Twitter
• Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED
• Suspected Chinese hackers are targeting India's power grid
• Lawmakers ask Energy Department to take point on sector digital security - The Record by Recorded Future
• Threat of Russian cyberattack prompts energy firms to collaborate with U.S. government - The Washington Post
• US says it disrupted Russian botnet 'before it could be weaponized'
• DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets
• Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine
• WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica
• Microsoft uses court order to disrupt ZLoader botnet - The Record by Recorded Future
• DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
• US agency attributes $540 million Ronin hack to North Korean APT group - The Record by Recorded Future
• Chemical sector targeted by North Korea-linked hacking group, researchers say - The Record by Recorded Future
• U.S. offers $5 million for info on North Korean cyber operators - The Record by Recorded Future
• Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
• After a brief decline, organizations once again are bombarded with ransomware - The Record by Recorded Future
• BlackCat ransomware group claims attack on Florida International University - The Record by Recorded Future
• North Carolina A&T hit with ransomware after ALPHV attack - The Record by Recorded Future
• Ransomware groups go after a new target: Russian organizations - The Record by Recorded Future
• T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed.
• Experts warn of concerns around Microsoft RPC bug - The Record by Recorded Future
• Make phishing great again. VSTO office files are the new macro nightmare? | by Daniel Schell | Apr, 2022 | Medium
• VMware patches critical flaws in Workspace ONE Access identity management software | The Daily Swig
• Researcher finds cryptomining malware targeting AWS Lambda - The Record by Recorded Future
• Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research | The Daily Swig
• Hackers steal more than $11 million from Elephant Money DeFi platform - The Record by Recorded Future
• WonderHero game disabled after hackers steal $320,000 in cryptocurrency - The Record by Recorded Future
• 'We Are Fucked': Crypto Stablecoin Collapses After $182M Hack
• The Original APT: Advanced Persistent Teenagers – Krebs on Security