Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Content provided by Proofpoint. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Proofpoint or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
I Know This Might Sound Crazy but Russia’s TA422 Blasted Lots of Exploits
MP3•Episode home
Manage episode 388983606 series 3348167
Content provided by Proofpoint. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Proofpoint or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Tis the season for understanding TA422’s latest activity AND for singing podcast guests!
Today’s returning guest is Greg Lesnewich, Senior Threat Researcher at Proofpoint. He sheds light on the tactics, techniques, and procedures (TTPs) employed by TA422. The conversation touches on the significance of the high volumes observed starting in late summer, the exploitation of vulnerabilities for NTLM credential harvesting, and the brief usage of the WinRAR vulnerability.
They touch upon the potential reasons behind the group's choices, considering factors such as resourcing, tactical decisions, and a shift towards speed and efficiency. There is also consideration about connecting TA422's activities to broader trends in threat actor behavior, such as a shift towards living off the land techniques and a focus on social engineering for initial access.
The conversation continues on the following topics:
[11:17] TA422 Recent Activity
[13:30] Campaign’s using CVE 2023 23397
[18:35] Winrar activity
[22:50] October & November activity
[26:50] Guest Singing Spotlight
[29:30] Noticeable differences in campaigns
Resources mentioned:
TA422 Proofpoint Blog: https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
Google TAG Report on WinRAR Exploits: https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/amp/
Selena’s Cyber Tunes Playlist: https://open.spotify.com/playlist/7GqH7SefgiI1UtYNjQ5svg?si=vO2Ao-lTTSuCCVfgfgcUfw&pt=97da5ebbd320a4f79014b1f205fc8438&pi=u--xbfwSuHSE-T
Wired story on Sandworm: https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/
For more information, check out our website.
…
continue reading
Today’s returning guest is Greg Lesnewich, Senior Threat Researcher at Proofpoint. He sheds light on the tactics, techniques, and procedures (TTPs) employed by TA422. The conversation touches on the significance of the high volumes observed starting in late summer, the exploitation of vulnerabilities for NTLM credential harvesting, and the brief usage of the WinRAR vulnerability.
They touch upon the potential reasons behind the group's choices, considering factors such as resourcing, tactical decisions, and a shift towards speed and efficiency. There is also consideration about connecting TA422's activities to broader trends in threat actor behavior, such as a shift towards living off the land techniques and a focus on social engineering for initial access.
The conversation continues on the following topics:
[11:17] TA422 Recent Activity
[13:30] Campaign’s using CVE 2023 23397
[18:35] Winrar activity
[22:50] October & November activity
[26:50] Guest Singing Spotlight
[29:30] Noticeable differences in campaigns
Resources mentioned:
TA422 Proofpoint Blog: https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
Google TAG Report on WinRAR Exploits: https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/amp/
Selena’s Cyber Tunes Playlist: https://open.spotify.com/playlist/7GqH7SefgiI1UtYNjQ5svg?si=vO2Ao-lTTSuCCVfgfgcUfw&pt=97da5ebbd320a4f79014b1f205fc8438&pi=u--xbfwSuHSE-T
Wired story on Sandworm: https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/
For more information, check out our website.
68 episodes
MP3•Episode home
Manage episode 388983606 series 3348167
Content provided by Proofpoint. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Proofpoint or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Tis the season for understanding TA422’s latest activity AND for singing podcast guests!
Today’s returning guest is Greg Lesnewich, Senior Threat Researcher at Proofpoint. He sheds light on the tactics, techniques, and procedures (TTPs) employed by TA422. The conversation touches on the significance of the high volumes observed starting in late summer, the exploitation of vulnerabilities for NTLM credential harvesting, and the brief usage of the WinRAR vulnerability.
They touch upon the potential reasons behind the group's choices, considering factors such as resourcing, tactical decisions, and a shift towards speed and efficiency. There is also consideration about connecting TA422's activities to broader trends in threat actor behavior, such as a shift towards living off the land techniques and a focus on social engineering for initial access.
The conversation continues on the following topics:
[11:17] TA422 Recent Activity
[13:30] Campaign’s using CVE 2023 23397
[18:35] Winrar activity
[22:50] October & November activity
[26:50] Guest Singing Spotlight
[29:30] Noticeable differences in campaigns
Resources mentioned:
TA422 Proofpoint Blog: https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
Google TAG Report on WinRAR Exploits: https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/amp/
Selena’s Cyber Tunes Playlist: https://open.spotify.com/playlist/7GqH7SefgiI1UtYNjQ5svg?si=vO2Ao-lTTSuCCVfgfgcUfw&pt=97da5ebbd320a4f79014b1f205fc8438&pi=u--xbfwSuHSE-T
Wired story on Sandworm: https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/
For more information, check out our website.
…
continue reading
Today’s returning guest is Greg Lesnewich, Senior Threat Researcher at Proofpoint. He sheds light on the tactics, techniques, and procedures (TTPs) employed by TA422. The conversation touches on the significance of the high volumes observed starting in late summer, the exploitation of vulnerabilities for NTLM credential harvesting, and the brief usage of the WinRAR vulnerability.
They touch upon the potential reasons behind the group's choices, considering factors such as resourcing, tactical decisions, and a shift towards speed and efficiency. There is also consideration about connecting TA422's activities to broader trends in threat actor behavior, such as a shift towards living off the land techniques and a focus on social engineering for initial access.
The conversation continues on the following topics:
[11:17] TA422 Recent Activity
[13:30] Campaign’s using CVE 2023 23397
[18:35] Winrar activity
[22:50] October & November activity
[26:50] Guest Singing Spotlight
[29:30] Noticeable differences in campaigns
Resources mentioned:
TA422 Proofpoint Blog: https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
Google TAG Report on WinRAR Exploits: https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/amp/
Selena’s Cyber Tunes Playlist: https://open.spotify.com/playlist/7GqH7SefgiI1UtYNjQ5svg?si=vO2Ao-lTTSuCCVfgfgcUfw&pt=97da5ebbd320a4f79014b1f205fc8438&pi=u--xbfwSuHSE-T
Wired story on Sandworm: https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/
For more information, check out our website.
68 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.