S1E02: Cafe Bohannon

State of the Hack

English - March 16, 2018 21:04 - 32 minutes - 22.7 MB - ★★★★★ - 28 ratings


“Activity Round-up”: This week, we talk about new techniques being
used by Iran's "MuddyWater" (TEMP.Zagros) and Vietnam's APT32. We
discuss our Mandiant response efforts into large Chinese espionage
campaigns that have picked up in the past year, highlighting both
APT20 targeting of service providers and some fresh TEMP.Periscope
activity at many clients.

“What to Expect When You’re Resetting”: We describe several approaches
and challenges with mid-breach enterprise password resets - and the
results of Christopher’s polls on your experiences.

“Cafe Bohannon”: We close with a chat with Daniel Bohannon
(@danielhbohannon) about good coffee, "tasteful obfuscation," and a
preview of DBO's upcoming Black Hat Asia 2018 research & tool
releasing next week.

Referenced material:
• MuddyWater blog post:
https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html
• One of the APT32 backdoors, using DLL sideloading (from ESET):
https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/
• Chinese-aligned cyber espionage activity from TEMP.Periscope:
https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html

State of the Hack is FireEye’s monthly live broadcast series, hosted
by Christopher Glyer (@cglyer) and Nick Carr (@itsreallynick), that
discusses the latest in information security, cyber espionage, attack
trends, and tales from the front lines of responding to targeted
intrusions.