

Malspace
Julien
A Cyber Security Podcast, focussed on Threat Research and the interesting people behind it.

Jul 10, 2025 • 37min
Multiple Actors, One Breach - Rethinking Threat Models in 2025
Chi En (Ashley) Shen, a threat researcher at Cisco Talos, shares her inspiring journey from Taiwanese hacking forums to leading threat intelligence at major companies. She delves into the rise of compartmentalized cyberattacks and the role of Initial Access Brokers, advocating for better threat detection strategies. Ashley also discusses her initiatives promoting diversity in cybersecurity, such as HITCON Girls and Raclette, emphasizing the importance of women in tech. Lastly, she suggests enhancements to the Diamond Model for more effective threat analysis.

Dec 8, 2024 • 43min
Operation Crimson Palace
Mark Parsons, Senior Threat Hunter at Sophos MDR, uncovers the thrilling intricacies of Operation Crimson Palace—a Chinese state-sponsored cyber espionage campaign targeting a Southeast Asian government. He details how his team identified multiple clusters of activity using advanced malware and evasion techniques. Discover unique tools like CCoreDoor and PocoProxy, and delve into the collaborative nature of cybersecurity as Parsons shares insights into tracking and analyzing sophisticated cyber threats. Join him in the high-stakes battle against digital infiltrators!

Nov 10, 2024 • 50min
Doppelgänger
In this episode of Malspace, Pierre Delcher, Head of Cyber Threat Research at HarfangLab, discusses the alarming rise of Russian disinformation campaigns targeting European and US media. We explore how cloned websites of outlets like Der Spiegel, Le Monde, and The Washington Post are being used to spread fake news, manipulating public opinion. Pierre sheds light on the techniques behind these operations and the role European companies play in keeping them online.
Show Notes
EU Disinfo Lab on Doppelgänger
Qurium - Under the hood of a Doppelgänger
Correctiv - How Russia uses EU companies for its propaganda
BayLfV report (German)
Mid-year Doppelgänger information operations in Europe and the US

Oct 7, 2024 • 34min
The Darkside of TheMoon
Chris Formosa and Steve Rudd work at Lumen's Black Lotus Labs, where they tackle the dark side of cybercrime. They dive into their findings on TheMoon malware, which has stealthily grown into a massive botnet. The duo discusses how outdated devices are exploited, revealing geographical patterns of attacks. They also unpack the complexities of faceless botnets, highlighting the challenges in cybersecurity and the resilience of these networks. Additionally, they explore the eerie parallels between cyber entities and ghosts in the digital landscape.

Sep 8, 2024 • 50min
Vertex Project's Journey and the APT1 Report's Legacy
Visi Stark, a key figure in the Vertex Project, celebrates its 8th anniversary and reflects on the APT1 report's lasting impact. He delves into the evolution of threat intelligence and shares fascinating anecdotes about the shift from offensive security to intelligence analysis. The conversation highlights the challenges of data normalization and the shortcomings of large language models in generating accurate intelligence reports. Stark also discusses cyber espionage tactics and the need for collaboration among organizations to enhance investigative capabilities.

Aug 4, 2024 • 1h 17min
From GReAT to greater Good
In this episode, I chat with Costin Raiu, former Director of Kaspersky's GReAT and now working as an independent researcher. Costin shares his journey into threat research, key career highlights, and current volunteer work aiding victims of the Pegasus malware. He also offers insights into possible future threats and potential visibility gaps to consider.
Show Notes
Costin Raiu
Kaspersky GReAT
ED011
RAV AntiVirus
Red October
Wild Neutron
Equation Group
Lazarus Group
Noh Theater
Staying Safe from Pegasus

Jul 7, 2024 • 43min
PIVOTcon
Join me as I sit down with Pasquale and Bartosz, the organizers of PIVOTcon. In this episode, we'll delve into the fascinating origin story of this groundbreaking conference on Threat Research, which made its debut in May 2024 in the beautiful city of Malaga. Discover the inspiration, challenges, and triumphs, and learn why the art of coffee placement is an important detail to consider at such an extraordinary event.
Show Notes
Bartosz Jerzman
Pasquale Stirparo
PIVOTcon
PIVOTcon Song

Jun 19, 2024 • 17min
North Korean APTs and Russian Rockets
Aleksandar Milenkoski joins us in this episode to share insights about his recent PIVOTcon talk on previously undisclosed details about several North Korean APT activities.
Show Notes
Aleks Profile
PIVOTcon Talk
Lazarus Group
ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals
PIVOTcon