Cracking the Blue Lambert Code

Three Buddy Problem - Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play.

Plus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Triangulation’ and the lack of recent visibility into these actors. We also discuss a fresh batch of VMware zero-days, China’s i-Soon ‘hackers-for-hire’ indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:

• Transcript (unedited, AI-generated)
• Kim Zetter: Did Trump admin order a stand-down on Russia?
• Unraveling the Lamberts Toolkit (Securelist)
• VB2019: King of the hill: nation-state counterintelligence for victim deconfliction
• VB2018: Draw me like one of your French APTs
• Symantec: Who is Longhorn?
• VMware: Three new zero-days exploited
• Broadcom patches 3 VMware zero-days exploited in the wild
• DOJ indictments: i-Soon hackers for hire and APT27
• Unmasking I-Soon
• Catalan court orders former NSO Group execs be indicted for spyware abuses
• Apple sending 'mercenary spyware' threat notifications
• How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist
• Safe{Wallet] post-mortem on ByBit $1.4B crypto heist