
State of (Cyber) War - Russia, Offensive Cyber Operations, and Terror, Oh My
12/21/23 • 33 min
Welcome to episode 1 of CyAN's new State of (Cyber) War series.
Join John Salomon and James Briscoe in a discussion of offensive cyberoperations involving Russian actors, parallels to historical attacks on civilians, expectations and limitations of information operations, and more.
A few notes from our chat:
05:10 James' research paper on Russia/Ukraine: https://www.linkedin.com/feed/update/urn:li:activity:6899132398601162752/
05:30 Conti ransomware group: https://flashpoint.io/blog/history-of-conti-ransomware/
08:55 2016 Ukraine power grid attacks: https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/
11:15 Stuxnet: https://en.wikipedia.org/wiki/Stuxnet
12:47 James' follow-up work: https://www.linkedin.com/feed/update/urn:li:activity:6944843584533581824/
14:35 The Dukes: https://www.cfr.org/cyber-operations/dukes
Cozy Bear: https://www.crowdstrike.com/adversaries/cozy-bear/
NotPetya: https://en.wikipedia.org/wiki/2017_Ukraine_ransomware_attacks
18:32 Lazarus Group: https://www.trendmicro.com/vinfo/pl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations
20:11 2022 Yandex Moscow taxi hack: https://www.euronews.com/my-europe/2022/09/02/gridlock-as-hackers-order-hundreds-of-taxis-to-same-place-in-moscow
20:25 2023 GUR Russian state tax service hack: https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service
23:22 2022 Belarus railway hack: https://www.theguardian.com/world/2022/jan/25/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup
24:04 Alexander Lukashenko and the Ukraine invasion map: https://www.independent.co.uk/news/world/europe/lukashenko-ukraine-russia-belarus-invasion-map-b2026440.html
25:23 Syrian Electronic Army: https://en.wikipedia.org/wiki/Syrian_Electronic_Army
29:03 Momotarō no Umiwashi came out in 1942: https://en.wikipedia.org/wiki/Momotar%C5%8D_no_Umiwashi
Original YouTube video is at https://youtu.be/VlP_L3xX2Lo
James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Previous Episode

The Snatch Ransomware Gang - Juan Nicolossi, PRODAFT Threat Intel Team Lead
Juan Ignacio Nicolossi, PRODAFT Team Leader for threat intelligence, joins us today from Chile to discuss the Snatch ransomware group. Active since mid-2018, Snatch has caused havoc in a variety of companies and government agencies.
In this episode, we discuss Snatch's techniques, the significance of how they use stolen information, and what their approach to what's important to customers means for the future of extortion.
CISA #StopRansomware Snatch advisory: https://www.cisa.gov/sites/default/files/2023-09/joint-cybersecurity-advisory-stopransomware-snatch-ransomware_0.pdf
Ransomlook.io Snatch profile: https://www.ransomlook.io/group/snatch
ALPHV (BlackCat) regulatory extortion article: https://www.darkreading.com/risk/alphv-ransomware-group-files-sec-complaint-against-own-victim
PRODAFT is a Netherlands-based cyber-threat intelligence analysis firm - their website is at https://prodaft.com
Full disclosure: John Salomon is a paid, part-time advisor to PRODAFT.
Juan Nicolossi's LinkedIn profile is at https://www.linkedin.com/in/juan-ignacio-nicolossi-baeza-286b035a/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Original video version at https://youtu.be/g5yiScRofxU
Next Episode

Japan's National Cyberdefence - It's Not a Military Thing, Honest
Welcome to episode 2 of CyAN's State of (Cyber) War series.
Today, James Briscoe and John Salomon talk about Japan - its national cyberdefence capabilities, the regional and global threat landscape, regulations and laws, and how all of these are evolving in the face of changing geopolitical realities and technologies.
A few notes from our chat:
02:25 US-Japan 1960 joint security treaty: https://www.mofa.go.jp/region/n-america/us/q&a/ref/1.html
02:37 Article 9 Japanese constitution: https://en.wikipedia.org/wiki/Article_9_of_the_Japanese_Constitution
02:45 SCAP: Supreme commander allied powers
02:58 Japan Self Defense Forces: https://en.wikipedia.org/wiki/Japan_Self-Defense_Forces
05:01 2019 US-Japan security treaty update: https://www.mofa.go.jp/files/000470738.pdf
06:54 national security strategy end of 2022: https://www.cas.go.jp/jp/siryou/221216anzenhoshou/nss-e.pdf
08:14 Lazarus Group: https://www.aljazeera.com/news/2023/12/9/us-japan-south-korea-launch-new-efforts-to-counter-n-korea-cyber-threats
10:35 Lazarus Group's cryptocurrency thefts: https://www.coindesk.com/markets/2023/12/01/north-korean-hackers-lazarus-group-stolen-3b-in-cryptocurrency/
11:29 https://www.dragonflyintelligence.com/news/japan-shift-to-a-more-offensive-cyber-posture-in-2023/
11:35 https://asia.nikkei.com/Politics/Japan-to-quadruple-cyber-defense-forces-meeting-threats-head-on
12:47 The 2016 revision in question: https://www.mofa.go.jp/files/000143304.pdf
13:37 The spending increase to 2% request: https://www.reuters.com/business/aerospace-defense/japan-makes-record-defence-spending-request-amid-tension-with-china-2023-08-31/
13:59 It's actually 2% as well: https://www.nato.int/docu/review/articles/2023/07/03/defence-spending-sustaining-the-effort-in-the-long-term/index.html
14:39 CCDCOE: https://ccdcoe.org/
14:46 Locked Shields exercise: https://ccdcoe.org/exercises/locked-shields/
15:33 The official in question was former US Director of National Intelligence Dennis Blair: https://japannews.yomiuri.co.jp/politics/political-series/20221122-72394/
16:05 The Japanese National Security Strategy allows for development of a posture for information warfare and introduction of active cyber defence in cybersecurity. It will create a government information warfare department, allowing government to aggregate and analyze the situation on disinformation originated abroad. The National Center for Incident Readiness and Strategy for Cybersecurity is to be restructured to establish a new organisation to coordinate policies between the police and JSDF. This will allow for active cyber defence against attackers. Training for 4000 cyber ‘warriors’ and 16k cyber-capable JSDF members over 5 years is also foreseen. The Ministry of Foreign Affairs plans AI to enhance monitoring of information and intelligence analysis. Furthermore, defence industry profit margin will be permitted to increase to a max of 15%.
16:45 The Nagoya port ransomware attack of July 2023: https://www.bloomberg.com/news/articles/2023-07-06/nagoya-port-delays-restart-following-alleged-ransomware-attack
17:10 The Chinese cyberattack on the Japanese defence network: https://www.japantimes.co.jp/news/2023/08/08/japan/japan-china-hack-defense-network/ - WaPo article: https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/
17:23 KillNet ceases attacks on Japan: https://english.kyodonews.net/news/2022/09/9846d4bf7aee-pro-russia-hacker-group-stops-cyberattacks-on-japan-due-to-money-woes.html
20:17 2023 Amendments to Telecommunications Business Act: https://www.dataguidance.com/news/japan-amendments-telecommunications-business-act-enter
20:20 Unauthorized Computer Access Law (UCAL): https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/japan
James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original YouTube video version: https://youtu.be/Fmuno8ohJPs
Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/