The Sophos kernel implant, 'hack-back' implications, CIA malware in Venezuela

November 3rd, 2024  |  1 hr 54 mins

apt research, china, edr, nation-state, sophos, zero-day

Three Buddy Problem Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bracing for .gov attacks from India.

Cast: Ryan Naraine (SecurityWeek), Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh).

Ep11: Cyberwarfare takes an ominous turn

September 6th, 2024  |  1 hr 15 mins

china, cisa, doppelganger, gru, influence operations, north korea, russia, skills shortage, skripal, south korea, unit 29155, yara, zero-day

Three Buddy Problem - Episode 11: Russia's notorious GRU Unit 29155 (previously tied to assassinations, poisonings and coup attempts) now blamed for destructive cyberattacks for sabotage; FBI and DOJ take down 'Doppelganger' network spreading Russian propaganda; CISA's budget, staff, advisories and YARA rules; Influence Operations 2.0; prolific Chinese hackers and global bug-disclosure implications; North Korean hacking capabilities and 0day expertise.

Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

Ep9: The blurring lines between nation-state APTs and the ransomware epidemic

August 23rd, 2024  |  1 hr 6 mins

apt research, attribution, china, nation-state, ransomware, taiwan, xiaomi, zero-day

The 'Three Buddy Problem' Podcast Episode 9: On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misattribution.

Plus, Chinese mobile OS vendor Xiaoimi caught disabling parts of its infrastructure -- including its global app store -- to thwart Pwn2Own contestants; and news of an addition to the LABScon 2024 keynote stage.

Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers

January 5th, 2024  |  34 mins 7 secs

china, danny adamitis, lumen technologies, volt typhoon

Episode sponsors:

• Binarly, the supply chain security experts (https://binarly.io)
• FwHunt (https://fwhunt.run)

Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.

Danny digs into the inner workings of the botnet, the global problem end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.

Dakota Cary on China's weaponization of software vulnerabilities

September 15th, 2023  |  55 mins 48 secs

apts, atlantic council, china, nation-state

Episode sponsors:

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline.

In this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, nation state-backed threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.