Risky Business #662 -- It's a bad month to be an electricity grid

Cyberwar!... what is it good for? Absolutely somethin'
21 Apr 2022 » Risky Business

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:

  • Ukraine foils Russian ICS hack
  • US Government burns someone’s ICS toolkit
  • China gets all up in India’s energy gridz
  • The Heroku/GitHub/Travis CI story is very confusing
  • US DOJ removes GRU malware from Watchguard boxes under Rule 41
  • North Korea behind $540m crypto hack
  • Much, much more

This week’s sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They’ll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator.

Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that’s your thing.

Show notes

Ukraine foiled Russian cyberattack that tried to shut down energy grid
Catalin Cimpanu on Twitter: "Days later... anyone managed to confirm or debunk this?"
Matthew Garrahan on Twitter: "Ukraine has since adapted a government app so that people can more easily upload information about Russian military positions https://t.co/oWRctXBTxU"
Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED
Suspected Chinese hackers are targeting India's power grid
Lawmakers ask Energy Department to take point on sector digital security - The Record by Recorded Future
Threat of Russian cyberattack prompts energy firms to collaborate with U.S. government - The Washington Post
US says it disrupted Russian botnet 'before it could be weaponized'
DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets
Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine
WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica
Microsoft uses court order to disrupt ZLoader botnet - The Record by Recorded Future
DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
US agency attributes $540 million Ronin hack to North Korean APT group - The Record by Recorded Future
Chemical sector targeted by North Korea-linked hacking group, researchers say - The Record by Recorded Future
U.S. offers $5 million for info on North Korean cyber operators - The Record by Recorded Future
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
After a brief decline, organizations once again are bombarded with ransomware - The Record by Recorded Future
BlackCat ransomware group claims attack on Florida International University - The Record by Recorded Future
North Carolina A&T hit with ransomware after ALPHV attack - The Record by Recorded Future
Ransomware groups go after a new target: Russian organizations - The Record by Recorded Future
T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed.
Experts warn of concerns around Microsoft RPC bug - The Record by Recorded Future
Make phishing great again. VSTO office files are the new macro nightmare? | by Daniel Schell | Apr, 2022 | Medium
VMware patches critical flaws in Workspace ONE Access identity management software | The Daily Swig
Researcher finds cryptomining malware targeting AWS Lambda - The Record by Recorded Future
Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research | The Daily Swig
Hackers steal more than $11 million from Elephant Money DeFi platform - The Record by Recorded Future
WonderHero game disabled after hackers steal $320,000 in cryptocurrency - The Record by Recorded Future
'We Are Fucked': Crypto Stablecoin Collapses After $182M Hack
The Original APT: Advanced Persistent Teenagers – Krebs on Security