CyberWire Daily

Iranian VPN users are afflicted by Trojanized installation apps. Phishing on the static expressway. NoName057(16) hacktivist auxiliaries target NATO. Yesterday’s flight outage appears not to have been caused by a cyberattack. Royal Mail is disrupted by a "cyber incident." Carole Theriault thinks Meta needs to step up their game when blocking financial scams. Our guest is Mark Sasson from Pinpoint Search Group to discuss why cybersecurity may no longer be a candidate-driven market. And HR phishbait dangles raises, and some employees bite.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/8

Selected reading.

EyeSpy - Iranian Spyware Delivered in VPN Installers (Bitdefender Labs)

Phishing on the Static Expressway. (CyberWire)

NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO (SentinelOne)

Not a cyberattack, but an IT failure. (CyberWire)

FAA NOTAM Statement (FAA)

Canadian Pilot-Alert System Reports Outage Hours After U.S. Grounding Order (Wall Street Journal)

US air travel resumes but thousands of flights delayed after planes grounded - live updates (The Telegraph)

US Flights Latest: Departures Resume After FAA Lifts Ground Stop (Bloomberg)

Royal Mail suffers ‘severe service disruption’ after cyber incident (Glasgow Times)

Royal Mail issues major disruption warning after 'cyber incident' (Computing)

Parcels and letters stuck in limbo as Royal Mail is hit by a suspected hack (The Telegraph)

Cyber Incident Hits UK Postal Service, Halts Overseas Mail (SecurityWeek)

Learn more about your ad choices. Visit megaphone.fm/adchoices

NATO's response to Killnet's cyberattacks on Lithuania. Influence operations in the interest of national market share. SOHO routers are under attack. YTStealer is out and active in the wild. RansomHouse hits AMD. CISA releases six ICS security advisories. The most dangerous software weaknesses. Betsy Carmelite from Booz Allen Hamilton takes a look back at Biden’s executive order on cyber. Our guest is Philippe Humeau of CrowdSec on taking a collaborative approach to security. And a guilty plea in the case of the NetWalker affiliate.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/11/124

Selected reading.

Could the Russian cyber attack on Lithuania draw a military response from NATO? (Sky News)

Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance (Mandiant)

ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks (Lumen)

New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (Hacker News)

RansomHouse Extortion Group Claims AMD as Latest Victim (RestorePrivacy)

RansomHouse gang claims to have some stolen AMD data (Register)

CISA releases 6 Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency)

2022 CWE Top 25 Most Dangerous Software Weaknesses (CISA)

Netwalker ransomware affiliate agrees to plead guilty to hacking charges (The Record by Recorded Future)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Trojanized Windows 10 installers are deployed against Ukraine. Alleged booters have been collared, and their sites disabled. A progress report on US anti-ransomware efforts. Suspicion in a cyberattack against India turns toward China. Bryan Vorndran from the FBI’s Cyber Division talks about deep fakes. Our guest is Lisa Plaggemier from the National Cybersecurity Alliance (NCA) on the launch of their Historically Black Colleges and Universities Career Program. And hybrid war and fissures in the underworld.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/11/239

Selected reading.

Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government (Mandiant)

Federal Prosecutors in Los Angeles and Alaska Charge 6 Defendants with Operating Websites that Offered Computer Attack Services (US Department of Justice)

Global crackdown against DDoS services shuts down most popular platforms | Europol (Europol)

Readout of Second Joint Ransomware Task Force Meeting (Cybersecurity and Infrastructure Security Agency)

US finds its ‘center of gravity’ in the fight against ransomware (The Record by Recorded Future)

AIIMS cyber attack may have originated in China, Hong Kong (The Times of India)

AIIMS Delhi Servers Were Hacked By Chinese, Damage Contained: Sources (NDTV.com)

Russia-Ukraine war reaches dark side of the internet (Al Jazeera)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese cyberespionage campaign against European governments. The Port of Nagoya closes over ransomware attack. BlackCat and SEO poisoning. LockBit seeks to extort a semiconductor manufacturer. Professionals in the cyber underworld. CISA issued a DDoS alert for US companies and government agencies. Microsoft debunks claims of data theft by Anonymous Sudan. Matt O'Neill from the US Secret Service speaks with Dave Bittner about sextortion. Rick Howard sits down with Michael Fuller of AWS to talk about the kill chain. And Avast releases a free decryptor for Akira.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/126

Selected reading.

Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research (Check Point Research)

Hackers target European government entities in SmugX campaign (BleepingComputer)

Chinese hackers target European embassies with HTML smuggling technique (Record)

Japan’s largest port stops operations after ransomware attack (BleepingComputer)

BlackCat ransomware pushes Cobalt Strike via WinSCP search ads (BleepingComputer)

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (The Hacker News)

TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant (SecurityWeek)

TSMC confirms data breach after LockBit cyberattack on third-party supplier (TechCrunch)

Taiwan Semiconductor Denies LockBit's $70M Hack Claim (Bank Info Security)

Semiconductor giant says IT supplier was attacked; LockBit makes related claims (Record)

DoS and DDoS Attacks against Multiple Sectors (Cybersecurity and Infrastructure Security Agency CISA)

CISA issues DDoS warning after attacks hit multiple US orgs (BleepingComputer)

Microsoft denies data breach, theft of 30 million customer accounts (BleepingComputer)

Microsoft Denies Major 30 Million Customer-Breach (Infosecurity Magazine)

Decrypted: Akira Ransomware (Avast Threat Labs)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Another hacked broadcast in a hybrid war. Hunting forward as an exercise in threat intelligence collection and sharing. Cyber threats to the US midterm elections. Phishing for cryptocurrency. FakeCrack delivers a malicious payload to the unwary. Vacations are back. So is travel-themed phishbait. Ann Johnson from Microsoft shares insights on the trends she’s tracking here at RSA. Johannes Ullrich brings highlights from his RSA conference panel discussion. And Emotet returns, in the company of some old familiar criminal collaborators.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/11/111

Selected reading.

Hacked Russian radio station broadcasts Ukrainian anthem (Washington Post)

Ukraine Successfully Defends Its Cyberspace While Russia Leans Heavily on Guns, Bombs (CNET)

Ukraine war: US cyber chief on Kyiv's advantage over Russia (Sky News)

NSA Director Confirms Cyber Command 'Hunt Forward' Approach Applies to Russia (ClearanceJobs)

Experts, NSA cyber director say ransomware could threaten campaigns in 2022 (CyberScoop)

Ransomware, botnets could plague 2022 midterms, NSA cyber director says (The Record by Recorded Future)

How Cyber Criminals Target Cryptocurrency (Proofpoint)

Crypto stealing campaign spread via fake cracked software (Avast)

Threat Actors Prepare Travel-Themed Phishing Lures for Summer Holidays (Hot for Security)

Emotet Malware Returns in 2022 (Deep Instinct)

Learn more about your ad choices. Visit megaphone.fm/adchoices