Cybersecurity Advisors Network
Last Episode Date: 01/20/2025
Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2025/01/20/state-of-cyberwar-ep-8-2-military-cryptology-part-ii/ Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Original video at https://youtu.be/twC6NTt9R8E Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ Episode artwork via Wikipedia Commons
Notes and Links: Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2025/01/16/new-podcast-military-cryptology-part-i/ Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Original video at https://youtu.be/kR11szyqDlg Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ Episode artwork via Wikipedia Commons
Mei Danowski, co-founder of Natto Thoughts, and Eugenio Benincasa of ETH Zürich's Center for Strategic Studies, join us to explain China's cyber-exercise capabilities. Mei is a veteran strategic threat intelligence analyst and a founding member of the Natto Thoughts team, and Eugenio Benincasa is a senior cyberdefense researcher at the Swiss Federal Polytechnic Institute. Notes and Links can be found on the CyAN blog, at https://cybersecurityadvisors.network/2024/12/04/chinas-cyber-range-exercises/ Mei Danowski on LinkedIn: https://www.linkedin.com/in/meidanowski/ Eugenio Benincasa on LinkedIn: https://www.linkedin.com/in/eugenio-benincasa-07a9517a Original YouTube video at https://youtu.be/IbnWHWE22GI Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Welcome to the second of our two-part edition on underwater communications cables. Hugo Tarrida and John Salomon discuss the current threat environment facing global underwater data links, motivations of actors, legal frameworks protecting these cables, and more. Notes and Links: Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2024/09/24/subsea-cables-part-ii-mind-the-sharks/ Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Original video at https://youtu.be/Q6v4d9E_ta0 Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ Episode artwork via Wikipedia Commons
Welcome to the first of our two-part episode on underwater communications cables. Hugo Tarrida and John Salomon discuss the history and current situation surrounding the world of undersea comms infrastructure, and try to get a grasp of threats to the data links under our oceans that are an integral part of both civilian and military capabilities. Notes and Links: Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2024/09/10/subsea-cables-a-crunchy-target/ Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Original video at https://youtu.be/frhAL_EY-yw Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ Episode artwork via Wikipedia Commons
State of (CyberWar) Episode 6.2 In part III of our Middle East cyberwarfare mini-series, Hugo Tarrida and John Salomon talk about probably the most complex topic yet - Iran. Following our analysis of the broader Middle East region, and of Israeli capabilities and activities, today's episode is an overview of Iran - the history of its online conflict capabilities, the history behind the establishment of these, and some major cyberattacks and influence campaigns attributed to the country and its various agencies and stakeholders. Notes and Links: As with our previous video on Israel, it's difficult to judge the impartiality and factualness of many websites describing Iranian capabilities. We will thus stick to Wikipedia unless there’s something better - we tend to trust most US or European government agencies' and mainstream vendors' analysis, and certain reputable news sites unless there is a compelling reason not to do so. We lean a lot on "the usual suspects" such as the BBC, The Guardian, the Council on Foreign Relations, and particularly, Wikipedia; yes, we know you're not supposed to do that. As always, do your own homework and draw your own conclusions, we’re not here to push a narrative. We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint. As with Hebrew, we don't speak a word of Farsi. Online translations tend to be even less consistent than those for Hebrew, so again, your mileage may vary. 01:24 Because someone will inevitably get mad, and we don't want that.
02:13 Islamic Republic of Iran Armed Forces: https://en.wikipedia.org/wiki/Islamic_Republic_of_Iran_Armed_Forces (or if you prefer the official website: https://www.president.ir/en/76724) 02:02 IRGC: https://www.cfr.org/backgrounder/irans-revolutionary-guards 02:18 IRGC, aka "Sepah" (in Iran, according to Wikipedia): https://www.cfr.org/backgrounder/irans-revolutionary-guards - a very cursory search didn't yield an official website. Possibly they have some SEO work to do. 02:29 Quds Force: https://en.wikipedia.org/wiki/Quds_Force 02:34 Hezbollah: https://en.wikipedia.org/wiki/Hezbollah 02:35 Houthis: https://en.wikipedia.org/wiki/Houthi_movement 02:58 We may have gotten confused here - the US government has multiple pages listing sanctions on the "IRGC-CEC", but outside of these, and news articles covering these sanctions, we can't really find anything on this organization. There is, however, the IRGC Cyber Defense Command: https://www.globalsecurity.org/intell/world/iran/irgc-cyber.htm 03:50 A lot of information comes from either US government sanctions (see above), Iranian anti-government activist groups, and vendors/CSIRTs providing threat actor information - it is surprisingly difficult to find objective, well-researched information on IRGC and regular armed forces cyber actors. The language barrier is probably a major issue. 03:45 Information on the Supreme Council of Cyberspace (BBC: Supreme Council of Virtual Space) is slim, for example https://wilmap.stanford.edu/entries/regulatory-entity-supreme-council-cyberspace or Wikipedia's page at https://en.wikipedia.org/wiki/Supreme_Council_of_Cyberspace_(Iran) - the official website has a lot of photos of guys in hats meeting and looking serious.
05:07 National Information Network: https://en.wikipedia.org/wiki/National_Information_Network 05:17 Great Firewall of China: https://cs.stanford.edu/people/eroberts/cs181/projects/2010-11/FreeExpressionVsSocialCohesion/china_policy.html - this comparison may be a bit of a stretch, although by some accounts we've read, Iran's domestic Internet offers pretty high speeds as well as content filtering/surveillance, so maybe it's not a terrible analogy. 06:20 Al Jazeera article on the topic: https://www.aljazeera.com/news/2024/2/24/iran-unveils-plan-for-tighter-internet-rules-to-promote-local-platforms 07:20 https://www.hackread.com/iran-biggest-cyber-army-israel/ - includes a link to INSS report on the topic (the mentioned Israeli think tank) 07:51 Honker Union: https://www.moderninsurgent.org/post/honker-union 07:57 2010, sorry. Article: https://www.zdnet.com/article/baidu-dns-records-hijacked-by-iranian-cyber-army/ 08:25 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a 08:32 https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran 08:44 For example: https://www.zdnet.com/article/mrbminer-crypto-mining-operation-linked-to-iranian-software-firm/ and https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a - that said, we may have gotten things a bit mixed up since there are also a lot of non-malware (of the massive-pile-of-FPGA type) Iranian cryptominers - a bunch of which were shut down in 2019 after power usage concerns: https://www.bbc.com/news/technology-48799155 09:16 Russian government entities may not be big ransomware actors, but Russian state-affiliated and state-tolerated actors are sure a different story... 
09:40 A 2022 indictment of Iranian ransomware actors came alongside OFAC sanctions of IRGC-affiliated ransomware attacks around the same time: https://www.bleepingcomputer.com/news/security/us-govt-sanctions-ten-iranians-linked-to-ransomware-attacks/ 10:51 https://www.bbc.com/news/world-europe-62821757 11:12 OilRig / Helix Kitten: https://attack.mitre.org/groups/G0049/ 12:42 https://www.cfr.org/cyber-operations/ 13:20 https://www.darkreading.com/cyberattacks-data-breaches/iran-dupes-military-contractors-govt-agencies-cybercampaign 13:52 Shamoon: https://en.wikipedia.org/wiki/Shamoon 14:00 Sony Pictures hack: https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack 14:55 Operation Ababil: https://en.wikipedia.org/wiki/Operation_Ababil 15:24 Nope, not gonna link it 15:35 https://krebsonsecurity.com/tag/izz-ad-din-al-qassam-cyber-fighters/ 16:37 Edalat-e Ali: https://malpedia.caad.fkie.fraunhofer.de/actor/edalat-e_ali - note that a lot of sites discussing this group seem to have a decidedly anti-regime view. Not that that's a bad thing, but we're really trying to keep it factual 17:11 https://www.darkreading.com/threat-intelligence/iranian-apts-dress-up-as-hacktivists-for-disruption-influence-ops 18:18 Islamic Republic of Iran Broadcasting: https://www.abu.org.my/portfolio-item/islamic-republic-of-iran-broadcasting/ - again, the Iranian government is really not great at (at least English language/international) SEO for their own websites 18:57 https://en.wikipedia.org/wiki/Mahsa_Amini_protests 20:57 https://en.wikipedia.org/wiki/Censorship_in_Iran 21:30 https://www.techradar.com/news/using-a-vpn-may-be-a-crime-under-strict-new-iran-internet-law - according to a Persian language website linked to in the above Wikipedia article, Khamenei ordered the Supreme Council of Cyberspace to ban VPNs outright in February 2024.
23:04 AnonGhost: https://cybernews.com/cyber-war/israel-redalert-breached-anonghost-hamas/ - a lot of sites associate it with #OpIsrael, for example https://www.hackread.com/opisrael-anonghost-claims-leaking-hundreds-of-israeli-facebook-account-credentials/ - but given Anonymous' decentralized and fluid nature, who knows (a case study on JSTOR (pdf) that makes only passing reference to #OpIsrael refers to "Anon" as a group which it most certainly is not...) 28:18 https://www.reuters.com/fact-check/us-document-approving-8bn-military-aid-israel-is-fake-2023-10-09/ 31:14 https://en.wikipedia.org/wiki/2024_Iranian_strikes_in_Israel 31:44 https://www.japantimes.co.jp/news/2024/04/17/world/politics/digital-misinformation-iran-strike 33:02 https://archive.nytimes.com/thelede.blogs.nytimes.com/2008/07/10/in-an-iranian-image-a-missile-too-many/ 34:54 Press TV: https://www.presstv.ir/ - Wikipedia: https://en.wikipedia.org/wiki/Press_TV 38:06 Also check out our episode on Chinese disinformation activities, including the 50 Cent Party: https://youtu.be/xBAJ2rBKrMc Bonus links about Iranian disinformation activities: Natto Thoughts always has some good resources on disinformation: https://nattothoughts.substack.com/p/mideast-crisis-and-russia-cyberspace New York Times - "From Opposite Sides of War, a Hunt for Elusive Facts": https://www.nytimes.com/2024/01/25/business/media/misinformation-fact-checking Israel-Hamas armed conflict resource hub: https://www.disinfo.eu/israel-hamas-resource-hub/ How Longstanding Iranian Disinformation Tactics Target Protests - https://www.washingtoninstitute.org/policy-analysis/how-longstanding-iranian-disinformationtactics-target-protests You can find CyAN's Secure-in-Mind YouTube channel at https://youtube.com/@cybersecadvisors - and of course, our videos about cyber conflict on the State of (Cyber)War playlist here.
All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn - links on our Media page. Original video at https://youtu.be/GAeyNb4-27A Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
State of (CyberWar) Episode 6.1 Join Hugo Tarrida and John Salomon for the latest part of our Middle East cyberwarfare mini-series. We decided to split a more in-depth discussion about the two most capable actors in the region, Israel and Iran, into two half-episodes. Join us as we look at the organizations that make up Israeli cyberwarfare and -defense capabilities, the history of Israeli state-sponsored and state-aligned cyber campaigns. We also take a brief tour of Israeli media and social media operations, including information, propaganda, disinformation, and manipulation. If you haven't watched it yet, please consider checking out our first overview of the overall Middle East situation: https://youtu.be/X3wkTszRlck Notes and links: Because of the highly emotionally and politically charged nature of current events, we can't tell how impartial many of the websites describing Israeli capabilities are or aren't.
We will thus stick to Wikipedia unless there's either an original Israeli government webpage available, or a source we feel is somewhat authoritative, even if it's biased - in any case, do your own homework and draw your own conclusions, we're not here to push a narrative. We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint. Neither of us speaks even a bit of Hebrew. We are thus at the mercy of translation engines and webpages in languages we understand. Your mileage may vary. 02:03 CFR overview of cyberwarfare capabilities: https://www.cfr.org/cyber-operations/ 02:50 Unit 8200: https://en.wikipedia.org/wiki/Unit_8200 03:05 Military Intelligence Directorate, aka Aman: https://www.idf.il/en/mini-sites/directorates/military-intelligence-directorate/military-intelligence-directorate/ 03:57 Unit 81: https://en.wikipedia.org/wiki/Unit_81 05:01 Havatzalot: https://en.wikipedia.org/wiki/Havatzalot_Program - Google's horrible translation of the Hebrew wikipedia page indicates it's some kind of lily. Flowers are nice. 
05:16 Talpiot: https://en.wikipedia.org/wiki/Talpiot_program - the name's apparently some biblical reference from Song of Songs 4:4 according to their LinkedIn page, that we can't figure out 06:55 Technion / Israel Institute of technology: https://www.technion.ac.il/ 06:56 Hebrew University of Jerusalem: https://en.huji.ac.il/ 07:30 IDF Information Security Department: https://en.wikipedia.org/wiki/Information_Security_Department - it's unclear whether it's the same as these guys: https://www.mitgaisim.idf.il/%D7%AA%D7%A4%D7%A7%D7%99%D7%93%D7%99%D7%9D/cyber-protection-unit/ 07:40 Mamram: https://en.wikipedia.org/wiki/Mamram - apparently an abbreviation of the Hebrew for "Center of Computing and Information Systems" 09:15 This may be the Israel Innovation Authority - https://innovationisrael.org.il/en/ - we're not 100% sure though 11:14 Stuxnet: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/ 11:22 Specifically, Siemens PCS7, WinCC, and STEP7 control software, and various Siemens S7 programmable logic controllers (PLCs). 
22:59 TAO: https://en.wikipedia.org/wiki/Tailored_Access_Operations 12:16 We're going to assume you're capable of looking up Snowden and his revelations on your own 12:30 Stuxnet 2.0: https://cyware.com/news/stuxnet-20-iran-hit-by-new-more-aggressive-variant-of-powerful-industrial-control-malware-9d9c9a73 15:37 Duqu: https://www.enisa.europa.eu/media/news-items/duqu-analysis 15:38 Flame: https://www.bbc.com/news/technology-18238326 15:39 Duqu 2.0: https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks - the Guardian is one of the outlets that linked Duqu 2.0 to Israel 16:21 Kaspersky's Equation Group overview: https://www.kaspersky.com/about/press-releases/2015_equation-group-the-crown-creator-of-cyber-espionage 17:13 Some info on those particular negotiations: https://www.cfr.org/backgrounder/what-iran-nuclear-deal 17:45 The NY Times article: https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html 18:38 Correction: Iranian officials disconnected oil terminals themselves as a reactive measure. 
BBC reporting about initial attack - https://www.bbc.com/news/technology-17811565 - and followup: https://www.bbc.com/news/technology-18253331 19:44 Pegasus (NSO Group): https://en.wikipedia.org/wiki/Pegasus_(spyware) - interestingly, just after we finished this recording, there were reports of "fake" Pegasus variants for sale: https://www.infosecurity-magazine.com/news/fake-pegasus-spyware-dark-web/ 20:16 Kaspersky on Flame: https://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-experts-provide-in-depth-analysis-of-flame-s-c-c-infrastructure 20:51 NSO Group: https://www.nsogroup.com/ 21:18 Chrysaor: https://www.independent.co.uk/tech/chrysaor-android-spyware-app-smartphone-cameras-hack-photos-pegasus-google-a7666306.html 21:34 https://www.calcalistech.com/ctech/articles/0,7340,L-3927410,00.html 21:41 Should have dug just a little more: https://www.reuters.com/technology/microsoft-watchdog-group-say-israeli-spyware-used-hack-civil-society-2023-04-11/ 22:33 Again the Guardian: https://www.theguardian.com/world/2022/may/03/over-200-spanish-mobile-numbers-possible-targets-pegasus-spyware 23:32 Start here: https://en.wikipedia.org/wiki/Rif_War - see you in a few months 23:56 https://www.telegraph.co.uk/world-news/2024/05/17/spain-blocks-ship-carrying-weapons-israel-gaza-war/ 24:09 This is a very contentious, and very open legal question. 24:21 (German link) https://www.sueddeutsche.de/politik/us-geheimdienst-nsa-forschte-merkel-umfassender-aus-als-bislang-bekannt-1.2876007 - caveat: it's Wikileaks. They have been known to have...issues. That said, the investigation was closed in 2015 due to insufficient evidence: https://www.npr.org/sections/thetwo-way/2015/06/12/413866194/germany-closes-probe-into-alleged-u-s-hacking-of-merkels-phone - again, make of that what you will. 25:26 Predatory Sparrow/Gonjeshke Darande: https://www.bbc.com/news/technology-62072480 (with bonus steel mill fire video and dramatic music). 
Wired article with timeline of attacks: https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/ 25:54 https://foreignpolicy.com/2024/04/16/iran-israel-conflict-missile-attack-cyberattacks-warfare/ 28:50 https://www.jpost.com/business-and-innovation/article-731636 - interestingly, a lot of the best investigative journalism exposing this kind of Israeli activity comes from the Jerusalem Post, Haaretz, and other Israeli news channels. Another story from Haaretz, and one from The Guardian on the topic 31:13 Very intelligently, we failed to note down the link to the specific story. Good job. But looking for idf manipulate social media site:haaretz.com yields a bonanza of articles on the topic. 31:51 Given Eurovision's colorful history of political controversies, we're not even going to start on this one...for the 2024 contest, there's numerous claims that the Israeli Ministry of Foreign Affairs ran a campaign to influence audience voting - here's an article (in Hebrew, use the translation site of your choice) from Ynet: https://www.ynet.co.il/news/article/sykjyhaza 32:36 For example, via the IDF Spokesperson's Unit International Media Branch: https://en.wikipedia.org/wiki/IDF_Spokesperson's_Unit. In fairness, a lot of government agencies / armed forces actively try to shape public perception through relationships with private sector channels. The US Defense Department's relationship is a very well documented example, with the Entertainment Media Office providing personnel and equipment to film productions that follow strict rules about how the US armed forces are portrayed: https://www.latimes.com/archives/la-xpm-2011-aug-21-la-ca-military-movies-20110821-story.html (Wikipedia: https://en.wikipedia.org/wiki/Military%E2%80%93entertainment_complex). It's a safe assumption that most major militaries do not have just media and public relations teams, but actively cultivate contacts with journalists to try and influence their reporting. 
Bonus links from Hugo: https://www.disinfo.eu/israel-hamas-resource-hub/ - a list of resources surrounding disinformation in the Israel-Hamas conflict Our friends at Natto Thoughts on disinformation in the Mideast conflict: https://nattothoughts.substack.com/p/mideast-crisis-and-russia-cyberspace The New York Times on fact hunting in the Israel-Hamas conflict: https://www.nytimes.com/2024/01/25/business/media/misinformation-fact-checking-israel-hamas.html Original video at https://youtu.be/KtshVacVwZ0 You can find CyAN's Secure-in-Mind YouTube channel at https://youtube.com/@cybersecadvisors - and of course, our videos about cyber conflict on the State of (Cyber)War playlist here. All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn - links on our Media page. Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
In today's conversation, Craig Rowland joins us to talk about the often overlooked significance of Linux as a key part of global communications and computing infrastructure, and discuss various types of threats targeting Linux systems. Malware, attackers, and techniques are often very distinct from those seen on Windows; Craig shares insights on all of these from his extensive experience both writing and reverse-engineering Linux malware. Craig is CEO of Sandfly Security, a New Zealand-based provider of Linux threat behavior scanning tools. Full disclosure: John Salomon is a paid consultant to Sandfly Security. Notes from the video: 03:48 I can't find a source for the 95% figure, but a 2023 ZDNet article says 90%, which seems to be the most common figure: https://www.zdnet.com/article/linux-has-over-3-of-the-desktop-market-its-more-complicated-than-that/ 03:55 Percentage of top million websites running Linux is another interesting statistic, which seems to be well above 90%. For example: https://gitnux.org/linux-statistics/ 04:08 https://www.linuxinsider.com/story/the-flying-penguin-linux-in-flight-entertainment-systems-65541.html etc. etc. 05:54 France's Gendarmerie Nationale: https://en.wikipedia.org/wiki/GendBuntu 06:40 https://www.zdnet.com/article/linux-not-windows-why-munich-is-shifting-back-from-microsoft-to-open-source-again/ 14:10 A propos, F5 has some interesting ways of using web shells as an attack vector: https://www.f5.com/labs/learning-center/web-shells-understanding-attackers-tools-and-techniques 14:40 "attacks on kubernetes" is a fun web search string. Same for "attacks on S3 buckets". Enjoy. 14:56 https://redis.io/solutions/messaging/ 15:42 https://en.wikipedia.org/wiki/Patch_Tuesday 17:40 To be fair, Bob in Accounting is a pretty powerful entry point to the organization for various types of cyberattackers.
19:35 Mirai botnet: https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/ 19:37 NoaBot: https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining 20:35 Chroot (change root directory): https://wiki.archlinux.org/title/chroot 27:42 PuTTY: https://www.putty.org/ 29:45 There are several cryptojackers that try to neutralize competing malware, e.g. ChaosRAT https://www.trendmicro.com/en_th/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html or Jenkins https://www.f5.com/labs/articles/threat-intelligence/new-jenkins-campaign-hides-malware--kills-competing-crypto-miner 35:30 For example LockBit: https://www.akamai.com/blog/security/learning-from-the-lockbit-takedown 35:37 My mistake - AvosLocker is also a Linux port of Windows malware: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker - HiddenWasp may be a better example: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/hiddenwasp-malware-targets-linux-systems-borrows-code-from-mirai-winnti 35:42 Diamorphine LKM rootkit: https://github.com/m0nad/Diamorphine 36:44 https://core.vmware.com/esxi - an example is ESXiArgs ransomware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-039a 38:42 Abuse.ch MalwareBazaar: https://bazaar.abuse.ch/ 38:49 Fraunhofer FKIE Malpedia: https://malpedia.caad.fkie.fraunhofer.de 39:35 You could just run a Linux version of the virus aquarium: https://xkcd.com/350/ 39:52 A few examples of VM detection: https://www.cynet.com/attack-techniques-hands-on/malware-anti-vm-techniques/ 41:15 Joe Sandbox: https://www.joesandbox.com/ 42:10 No I won't, because I can't find it. Bit of Baader-Meinhof going on there... 
42:59 https://www.youtube.com/@SandflySecurity Craig on LinkedIn: https://www.linkedin.com/in/craighrowland/ Sandfly Security: https://sandflysecurity.com Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ Original video available at https://youtu.be/W-7edx7Le6Y?si=NOoOy1kF3KiVOPUe
In today's episode of State of (Cyber)War, Hugo Tarrida and John Salomon talk about the background and current state of cyber conflict in the Middle East. We give an overview of some of the major state actors involved, and zero in on the structures, groups, and motivations of the two main regional adversaries - Iran and Israel. Notes and links: Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2024/04/10/state-of-cyberwar-episode-5-notes/ Original video episode available at https://youtu.be/X3wkTszRlck Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400 Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170
In today's episode of State of (Cyber)War, Hugo Tarrida and John Salomon talk about China's approach to cyberwar. What is the history behind Chinese cyber capabilities? What are Chinese geopolitical, economic, and social objectives that drive their international cyber activities? What are some of the biases that we should be aware of when evaluating the trajectory of China and its cyberwar abilities? Also don't forget to check out our previous video about Chinese disinformation activities here: https://youtu.be/xBAJ2rBKrMc Notes and links: Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Wikipedia article worth reading about Chinese cyber warfare: https://en.wikipedia.org/wiki/Cyberwarfare_by_China 05:42 Granted, Stuxnet was a joint US-Israeli venture - https://en.wikipedia.org/wiki/Stuxnet 07:06 https://www.reuters.com/world/russia-says-its-working-major-new-agreement-with-iran-2023-12-12/ 14:05 Titan Rain - https://en.wikipedia.org/wiki/Titan_Rain Related: Operation Aurora (2009) - https://en.wikipedia.org/wiki/Operation_Aurora 15:20 https://www.npr.org/2022/05/11/1098368201/a-spying-scandal-and-the-fate-of-western-sahara 17:07 The case of Wen Ho Lee, one of several perpetrators of military espionage: https://sgp.fas.org/crs/nuke/RL30143.pdf 20:30 https://nattothoughts.substack.com - Nellie Ohr and her team do excellent analysis work 20:50 "An Analysis of China's Great Cannon" - https://www.usenix.org/system/files/conference/foci15/foci15-paper-marczak.pdf (Shoutout to fellow UC Berkeley CSUA member Nick Weaver for co-authoring this paper) 27:48 E.g.
"The 'Century of Humiliation' and China's National Narratives" - https://www.uscc.gov/sites/default/files/3.10.11Kaufman.pdf 29:42 Belt and Road Initiative - https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative 32:38 Referenced here: https://en.wikipedia.org/wiki/Chinese_information_operations_and_information_warfare ("Definitions" section) 32:45 The Three Warfares: https://apps.dtic.mil/sti/tr/pdf/ADB372300.pdf 34:04 The Nine-Dash Line: https://chinaus-icas.org/research/map-spotlight-nine-dash-line/ 34:52 In fact, ruled to be explicitly illegal by the Permanent Court of Arbitration in 2016: https://pca-cpa.org/en/news/pca-press-release-the-south-china-sea-arbitration-the-republic-of-the-philippines-v-the-peoples-republic-of-china/ 36:19 US FBI director Christopher Wray recently warned about this: https://www.npr.org/2024/01/31/1228153857/wray-chinese-hackers-national-security The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format. Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ Original YouTube video at https://youtu.be/HLVPDojARh0