Our regular podcast series features threat research and security news, hosted by threat researchers from the Threat Hunter Team.
New Billbug campaign, Prestige ransomware, and multiple arrests of alleged cyber-crime gang members
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the Symantec Threat Hunter Team’s latest blog detailing a recent campaign by the Billbug espionage group, in which it targeted a certificate authority and multiple government agencies in various countries in Asia. We also discuss a new strain of ransomware called Prestige, which is being used in attacks against Ukraine, and we take a look at some recent arrests of suspects alleged to have been involved in major cyber-crime groups: one suspect alleged to have been a member of the JabberZeus gang was arrested in Switzerland, while an alleged member of the LockBit ransomware group was apprehended in Canada.
11/17/2022 • 25 minutes, 38 seconds
Exbyte exfiltration tool, Cranefly uses new tools and novel technique, and OpenSSL bug is downgraded
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss two recent Symantec blogs, including one detailing the new Exbyte data exfiltration tool, which is being used by at least one affiliate of the BlackByte ransomware gang. We also discuss our blog about a group called Cranefly, which is using a new dropper and malware, as well as a novel method of reading commands from legitimate IIS logs. We also discuss the OpenSSL vulnerability that generated a lot of headlines over the last week, and which was downgraded from critical to high severity when the patch was released, as well as the ransomware losses that occurred in 2021.
11/3/2022 • 20 minutes, 42 seconds
Budworm espionage activity, Spyder Loader malware, and Ransom Cartel links to Sodinokibi
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Kevin Sovey to discuss a blog we recently published about the Budworm espionage group targeting organizations in the U.S. We also discuss another blog we published this week about the Spyder Loader malware being deployed on the machines of government agencies in Hong Kong, and we talk about apparent links between the operators behind Ransom Cartel and the REvil/Sodinokibi ransomware family.
10/20/2022 • 18 minutes, 14 seconds
Witchetty espionage group activity, Microsoft Exchange Server zero-days, and U.S. defense sector targeted by APT groups
On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero-days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.
10/6/2022 • 27 minutes, 50 seconds
Espionage activity targeting Asian governments, Webworm develops customized tools, and latest Noberus TTPs
On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss some of the recent blogs that the Symantec Threat Hunter Team has published. We discuss a new wave of espionage activity targeting Asian governments by attackers who were formerly associated with the ShadowPad malware but who appear to have now adopted a new toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. We also examine the current activities of a group we call Webworm, which has developed customized versions of three older remote access Trojans (RATs), namely Trochilus, Gh0st RAT, and 9002 RAT. We also discuss a blog we have published about the Noberus (aka BlackCat) ransomware, and the tactics, techniques, and procedures (TTPs) we have recently seen deployed alongside that ransomware.
9/22/2022 • 25 minutes, 24 seconds
Mobile app security, Russian invasion of Ukraine cyber impact continues, and Evil Corp switches focus
The Cyber Security Brief is back after its summer break! In this episode, Brigid O Gorman and Dick O’Brien cover some of the stories you might have missed while we were off air. Dick discusses a recent Symantec blog that looks at the implications of poor security practices in the mobile software supply chain, and how this can lead to the exposure of an alarming amount of data. Brigid discusses some of the continuing effects of the Russian invasion of Ukraine in the world of cyber security, including some activity by the Shuckworm APT gang aimed at Ukraine, as well as a seemingly increased focus by Chinese espionage actors on Russia since the invasion began. Finally, we also discuss some recent developments by the Evil Corp cyber crime gang, and what these might mean.