Risky Business #709 -- Cl0p goes berserk with MOVEit 0day

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Russia’s FSB uncovers “NSA malware” on iPhones
  • Cl0p mass harvests data from MOVEit file transfer servers
  • ASD discloses a bunch of operations against ISIS, criminals
  • Why China’s prepositioning is probably… prepositioning
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Show notes

Russia says US hacked thousands of Apple phones in spy plot | Reuters

Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign

Russia wants 2 million phones with home-grown Aurora OS for use by officials

Trusted mobile environment. The Aurora mobile operating system – Rostelecom

Why China's Latest APT Campaign is Legitimately Worrying

War crimes committed through cyberspace must not escape international justice, says Estonian president

Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED

How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News

Australian intelligence's secret hand in bringing down the Bali bombers - ABC News

Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter

What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive

metlstorm: "Great, so now I have to roll i…" - Infosec Exchange

Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange

Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED

Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security

Wayback Machine

Discord Admins Hacked by Malicious Bookmarks – Krebs on Security

Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica

How university cybersecurity clinics can help cities fight ransomware | CyberScoop

Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter

BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange

Thinkst