The Cybersecurity Defenders Podcast

#195 - Intel Chat: APT tunnelling, BadPilot, CVE-2025-0108, emojis & Kitty Stealer (take 2)

Feb 21, 2025

Delve into the intriguing world of network traffic tunneling, where attackers bypass security controls with techniques like DNS and HTTP/S tunneling. Explore the ominous BadPilot campaign linked to Russia's notorious Sandworm group. Discover the critical CVE-2025-0108 vulnerability, which exposes firewall security, and learn about an innovative emoji-based data smuggling technique. Plus, meet Kitty Stealer, a malware targeting macOS user data, showcasing the evolving landscape of cyber threats.

35:09

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Advanced tunneling techniques, such as DNS and HTTP/S tunneling, are increasingly being exploited by threat actors to evade security measures and conduct covert operations.

The rise of the 'BadPilot' hacking campaign highlights the ongoing threat posed by state-sponsored groups engaging in sophisticated cyber espionage and disruptive activities.

Deep dives

Decrease in Ransomware Payments

Ransomware payments significantly dropped by 35% in 2024, with total payments amounting to approximately $813.55 million, down from a record $1.1 billion in 2023. This decline is credited to enhanced defensive measures, more aggressive law enforcement actions, and a shift in tactics among attackers, who are increasingly resorting to data exfiltration rather than traditional encryption methods. While the reduction in payments is viewed as a positive trend, it does not absolve organizations from vigilance, as ransomware activity and sophisticated tactics remain prevalent. This situation underscores the importance of continued investment in security measures to sustain this downward trend in ransom payouts.

Intro

2min

Decline in Ransomware Payments: A Cautious Victory

12min

Evolving Tactics of the XE Group

5min

Exploiting Software Supply Chains

7min

Deconstructing Cyber Espionage

7min

Advanced Evasion Techniques in Cyber Attacks

2min

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.

The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.

GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks’ PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.

Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.

Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

The Cybersecurity Defenders Podcast

#195 - Intel Chat: APT tunnelling, BadPilot, CVE-2025-0108, emojis & Kitty Stealer (take 2)

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Decrease in Ransomware Payments

Adapting Threat Actors

Law Enforcement's Role

Rising Supply Chain Attacks

Remember Everything You Learn from Podcasts