Revisiting the Lamberts, i-Soon indictments, VMware zero-days
March 8th, 2025
1 hr 39 mins 32 secs
About this Episode
Three Buddy Problem - Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand-down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play.
Plus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Triangulation’ and the lack of recent visibility into these actors. We also discuss a fresh batch of VMware zero-days, China’s i-Soon ‘hackers-for-hire’ indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections.
Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.
Episode Links
- Transcript (unedited, AI-generated)
- Kim Zetter: Did Trump admin order a stand-down on Russia?
- Unraveling the Lamberts Toolkit (Securelist)
- VB2019: King of the hill: nation-state counterintelligence for victim deconfliction
- VB2018: Draw me like one of your French APTs
- Symantec: Who is Longhorn?
- VMware: Three new zero-days exploited
- Broadcom patches 3 VMware zero-days exploited in the wild
- DOJ indictments: i-Soon hackers for hire and APT27
- Unmasking I-Soon
- Catalan court orders former NSO Group execs be indicted for spyware abuses
- Apple sending 'mercenary spyware' threat notifications
- How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist
- Safe{Wallet} post-mortem on ByBit $1.4B crypto heist