The Defender's Advantage Podcast

Threat Trends: APT by USB

Jan 19, 2023

28:20

Highlights

AI Chapters

Episode notes

Is This a Part of a Bigger Strategy?

01:48

What's Happened With UNK 4191?

04:45

The Initial Infection Vectors, You Know?

03:16

Introduction

3min

The New Turla Blog

2min

Andromeda Malware in Ukraine

3min

What's the Story of Andromeda?

2min

What Do You Think of the TTPs Used by APT 34?

2min

Is Turla Trying to Compromise Victims?

2min

USB Malware - Onc 4191

1min

What's Happened With UNK 4191?

5min

How to Identify Targets of Interest in a Malware Campaign

3min

10.

The Initial Infection Vectors, You Know?

3min

11.

Is This a Part of a Bigger Strategy?

2min

In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts.

Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.

Read the blog, Turla: A Galaxy of Opportunity at https://mndt.info/3jPAeRI.

Read the blog, Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia at https://mndt.info/3ATQB5n.

You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.