

#219 - Intel Chat: MSFT-Crowdstrike, GangExposed, Fastlane & HashiCorp Nomad servers
Jun 11, 2025
A strategic alliance between Microsoft and CrowdStrike aims to standardize threat actor naming for clearer communication in cybersecurity. An intriguing figure, GangExposed, emerges, revealing the identities of leaders within notorious ransomware groups. The podcast also discusses a new supply chain attack in the Ruby ecosystem that uses malicious packages to steal data. Additionally, researchers uncover the exploitation of misconfigured HashiCorp Nomad servers for unauthorized cryptocurrency mining, highlighting the critical need for robust security measures.
AI Snips
Unified Threat Actor Naming
- Microsoft and CrowdStrike have collaborated to create a shared mapping layer to unify threat actor names across platforms.
- This initiative aims to help SOC teams and CISOs quickly identify threat actors and reduce confusion from fragmented naming.
GangExposed Reveals Ransomware Leaders
- An anonymous figure named GangExposed revealed the identities of leaders of the Conti and TrickBot ransomware crews using leaked internal documents.
- He claims no law enforcement ties and is motivated by personal principle, disrupting cybercriminal operations.
Protect Against Malicious Ruby Gems
- Remove malicious Ruby gems impersonating Fastlane plugins immediately and rotate Telegram bot tokens used during that time.
- Lock dependency versions and implement API security programs to monitor and mitigate supply chain exfiltration risks.