Three Buddy Problem

Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click

Aug 29, 2025
The podcast dives into the implications of the Salt Typhoon advisory, analyzing its delayed release and useful insights for defenders. Discussion revolves around Google’s new cyber disruption unit and the ethical dilemmas it presents. The role of AI in enhancing threat detection is examined, along with the troubling vulnerabilities in WhatsApp that threaten user security. Additional topics include a new Chinese APT report, Amazon's disruption of APT29, and the importance of precise terminology in understanding evolving cyber threats.
INSIGHT

Late Multi-Agency Report Has Mixed Value

  • The multi-agency Salt Typhoon advisory finally released IOCs and YARA rules after long delays and heavy approvals.
  • Costin and Ryan suspect the core content came from a few private analysts, and that the agency logos collected later added bureaucracy.
ADVICE

Act Quickly On New IOCs And Guest Shells

  • Monitor creation of Cisco guest shells and containerized Linux environments on routers to detect this actor's persistence.
  • Ingest the advisory's YARA rules, IPs and hashes immediately and pivot on PDB paths and registrant data for fast expansion.
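
An added example, not from the episode or the advisory: a minimal check for the first advice point, run over constructed command-accounting records. The record layout, device names, user names and approved-device list are assumptions; the matched commands are the Cisco IOS XE guest shell and app-hosting commands.

```python
import re

# Commands that create, start or enter a container on Cisco IOS XE.
# Read-only "show" commands are deliberately not matched.
WATCHED = [
    (re.compile(r"^iox$"), "IOx container framework enabled"),
    (re.compile(r"^guestshell enable\b"), "guest shell created"),
    (re.compile(r"^guestshell run\b"), "command run inside guest shell"),
    (re.compile(r"^app-hosting (install|activate|start)\b"), "hosted container app deployed"),
]

# Constructed sample records in an assumed "timestamp device user command"
# layout (a simplification of command accounting, not a vendor log format).
SAMPLE_LOG = """\
2025-08-29T02:11:04Z edge-rtr-01 netops show ip interface brief
2025-08-29T02:14:37Z edge-rtr-01 svc-backup iox
2025-08-29T02:15:02Z edge-rtr-01 svc-backup guestshell enable
2025-08-29T02:15:40Z edge-rtr-01 svc-backup guestshell run bash
2025-08-29T03:02:10Z lab-rtr-09 netops guestshell enable
2025-08-29T09:30:12Z core-sw-07 netops show app-hosting list
2025-08-29T10:02:55Z core-sw-07 netops app-hosting install appid tools package flash:tools.tar
"""

def find_container_activity(log_text, approved_devices=frozenset()):
    """Return one alert per watched command on a device not approved for containers."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue  # malformed or empty record
        ts, device, user, command = parts
        if device in approved_devices:
            continue  # guest shell use is expected on this device
        command = " ".join(command.lower().split())  # normalise case and spacing
        for pattern, meaning in WATCHED:
            if pattern.search(command):
                alerts.append({"time": ts, "device": device, "user": user,
                               "command": command, "meaning": meaning})
                break
    return alerts

if __name__ == "__main__":
    for a in find_container_activity(SAMPLE_LOG, approved_devices={"lab-rtr-09"}):
        print(f'{a["time"]} {a["device"]} {a["user"]}: {a["command"]} ({a["meaning"]})')
```
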
INSIGHT

Naming Avoidance Signals Attribution Uncertainty

  • The advisory avoids adopting commercial names and uses the generic term "APT actors," which muddles attribution.
  • This ambiguity reflects technical uncertainty and disagreement across contributors about who exactly comprises "Salt Typhoon."