Ep2: A deep-dive on disrupting and exposing nation-state malware ops

June 29th, 2024  |  1 hr 8 mins

apt, google, microsoft, nation-state, polyfill, russia, teamviewer

The 'Three Buddy Problem' Podcast Episode 2: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocricy and the tricky relationship between malware researchers are the intelligence community, and the lack of 'success stories' from so-called benevolent malware.

We also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.

Costin Raiu joins the XZ Utils backdoor investigation

April 5th, 2024  |  51 mins 33 secs

apt, apt29, lazarus, solarwinds, stuxnet, xz utils

Episode sponsors:

• Binarly, the supply chain security experts (https://binarly.io)
• XZ.fail backdoor detector (https://xz.fail)

Malware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Tia Jan' is the handiwork of a cunning nation-state.

Based on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.

Patrick Howell O'Neill, Cybersecurity Editor, MIT Technology Review

March 30th, 2021  |  25 mins 52 secs

apt, attribution, google, journalism, nation-state malware, project zero, story-telling

Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations. Follow Patrick on Twitter.

Costin Raiu, Global Director, GReAT, Kaspersky Lab

September 3rd, 2018  |  51 mins 21 secs

apt, ics-scada, targeted-attacks, threat-intel

Veteran malware hunter Costin Raiu talks about writing his own an anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.

Juan Andrés Guerrero-Saade, Principal Security Researcher, Recorded Future

May 14th, 2018  |  1 hr 1 min

apt, threat-intel

Principal Security Researcher at Recorded Futures Insikt Group, Juan Andrés Guerrero-Saade, explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don't have to be sophisticated to launch successful attacks.

Robert M. Lee, Chief Executive Officer, Dragos Inc.

May 10th, 2018  |  54 mins 44 secs

apt, ics-scada, targeted-attacks, threat-intel

The founder and CEO of Dragos, Inc. Robert M. Lee cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.

Tim Maurer, Scholar, Carnegie Endowment for International Peace

March 5th, 2018  |  32 mins 31 secs

apt, ics-scada, targeted-attacks, threat-intel

Tim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.

Christopher Ahlberg, CEO, Recorded Future

January 30th, 2018  |  29 mins 3 secs

apt, ics-scada, targeted-attacks, threat-intel

Co-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.

Kim Zetter, Journalist and Author

December 29th, 2017  |  52 mins 6 secs

apt, ics-scada, targeted-attacks, threat-intel

Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.