The Defender's Advantage Podcast

Threat Trends: APT by USB

Jan 19, 2023

28:20

Highlights

AI Chapters

Episode notes

Is This a Part of a Bigger Strategy?

01:48

What's Happened With UNK 4191?

04:45

The Initial Infection Vectors, You Know?

03:16

Introduction

3min

The New Turla Blog

2min

Andromeda Malware in Ukraine

3min

What's the Story of Andromeda?

2min

What Do You Think of the TTPs Used by APT 34?

2min

Is Turla Trying to Compromise Victims?

2min

USB Malware - Onc 4191

1min

What's Happened With UNK 4191?

5min

How to Identify Targets of Interest in a Malware Campaign

3min

10.

The Initial Infection Vectors, You Know?

3min

11.

Is This a Part of a Bigger Strategy?

2min

In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts.

Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.

Read the blog, Turla: A Galaxy of Opportunity at https://mndt.info/3jPAeRI.

Read the blog, Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia at https://mndt.info/3ATQB5n.

You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

The Defender's Advantage Podcast

Threat Trends: APT by USB

Is This a Part of a Bigger Strategy?

What's Happened With UNK 4191?

The Initial Infection Vectors, You Know?

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights