Typhoons and Blizzards: Cyberespionage and national security on front burner

October 11th, 2024  |  1 hr 9 mins

apt29, ivanti, midnight blizzard, salt typhoon, zero-day

Three Buddy Problem Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Costin Raiu joins the XZ Utils backdoor investigation

April 5th, 2024  |  51 mins 33 secs

apt, apt29, lazarus, solarwinds, stuxnet, xz utils

Episode sponsors:

• Binarly, the supply chain security experts (https://binarly.io)
• XZ.fail backdoor detector (https://xz.fail)

Malware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Tia Jan' is the handiwork of a cunning nation-state.

Based on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.