Subscribe now

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://techspective.net/2017/09/26/wannacry-ransomware-detailed-analysis-attack/

• https://www.nksc.lt/doc/ENISA-WannaCry-v1.0.pdf

• https://www.elastic.co/blog/wcrywanacry-ransomware-technical-analysis

• https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3681065/national-security-agency-announces-retirement-of-cybersecurity-director/

• https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

• https://en.wikipedia.org/wiki/Tailored_Access_Operations

• https://en.wikipedia.org/wiki/Michael_Hayden_(general)

• https://upload.wikimedia.org/wikipedia/commons/7/7d/ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_%28July_2020%29.pdf

• https://commons.wikimedia.org/wiki/File:ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_(July_2020).pdf

• https://www.securityweek.com/us-army-report-describes-north-koreas-cyber-warfare-capabilities/

• https://www.cs2ai.org/post/u-s-army-report-describes-north-korea-s-cyber-warfare-capabilities

• https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government

• https://www.cloudflare.com/learning/security/ransomware/wannacry-ransomware/

• https://www.darkreading.com/cyberattacks-data-breaches/three-years-after-wannacry-ransomware-accelerating-while-patching-still-problematic

• https://www.bankinfosecurity.com/blogs/wannacrys-ransom-note-great-in-chinese-poor-in-korean-p-2481

• https://trumpwhitehouse.archives.gov/briefings-statements/press-briefing-on-the-attribution-of-the-wannacry-malware-attack-to-north-korea-121917/

• https://securelist.com/wannacry-and-lazarus-group-the-missing-link/78431/

• https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/

• https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

• https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government

• https://cloud.google.com/blog/topics/threat-intelligence/north-korea-cyber-structure-alignment-2023/

• https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/

• https://darknetdiaries.com/transcript/158/

• https://www.britannica.com/biography/Kim-Yo-Jong

• https://thediplomat.com/2026/02/why-kim-ju-aes-path-to-power-is-structurally-blocked/

• https://www.tripwire.com/state-of-security/malwaretech-wannacry-kronos-understanding-connections

Books:

• The Psychology of Totalitarianism by Mattias Desmet

• The Lazarus Heist by Geoff White

• Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Key Topics:

• Early-stage AI hype vs. real economic impact

• Cultural backlash in creative communities

• Geopolitical and energy constraints on AI scaling

• Job disruption, education failure, and potential social unrest

• Critique of Anthropic’s safety approach and effective altruism ties
  
  

  ---

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Books:

• Game Theory: A Very Short Introduction by Ken Binmore

• Theory of Games and Economic Behavior by John Von Neumann , Oskar Morgenstern

Links and Resources:

• https://retractionwatch.com/2025/12/03/authors-retract-nature-paper-projecting-high-costs-of-climate-change/

• https://www.nytimes.com/2025/12/03/business/economy/study-climate-damage-retracted.html

• https://www.euronews.com/green/2025/12/04/major-study-on-catastrophic-cost-of-climate-change-retracted-but-revised-figures-remain-al

• https://www.techbuzz.ai/articles/anthropic-s-daniela-amodei-safe-ai-will-win-the-market-war

• https://nypost.com/2025/11/09/business/ai-giant-anthropics-ties-to-cult-like-effective-altruism-democrat-megadonors-on-trump-admins-radar/

• https://www.cnbc.com/2025/10/21/anthropic-ceo-trump-sacks-woke.html

• https://en.wikipedia.org/wiki/Effective_altruism

• https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html

• https://en.wikipedia.org/wiki/Longtermism

• https://aeon.co/essays/why-longtermism-is-the-worlds-most-dangerous-secular-credo

• https://en.wikipedia.org/wiki/Intelligentsia

• https://geopoliticalfutures.com/intellectuals-thugs-russian-revolution/

• https://lexfridman.com/dario-amodei

• https://cepr.org/voxeu/columns/ai-and-paperclip-problem
  

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Key Topics:

• State of the frontier AI landscape and competitive dynamics (2026 perspective)

• Description and breakdown of the Anthropic-reported AI-orchestrated cyber espionage campaign (GTG-1002)

• Technical limitations, hallucinations, and operational skepticism
  

  ---

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://www.anthropic.com/news/disrupting-AI-espionage

• https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf

• https://openai.com/index/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/

• https://cyberscoop.com/anthropic-ai-orchestrated-attack-required-many-human-hands/

• https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous/

• https://arxiv.org/pdf/2412.19437
  

  
  

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Key Topics:

• Lab Dookhtegan’s emergence as an Iranian hacktivist group targeting the regime through hack-and-leak operations, data leaks, and sabotage since 2019.

• Key attacks, including the 2019 leak of APT34 tools, multiple doxings of IRGC officials from 2020 to 2024, and election interference exposures.

• Destructive maritime cyber attacks in March and August of 2025 disrupted 116 and 64 Iranian sanction-evading ships via supply chain compromise.

• Speculations on Lab Dookhtegan’s potential ties to nation-states like the US or Israel for plausible deniability in proxy operations.

• Comparisons to other hacktivist groups like KillNet (Russian-backed) and Blackjack (Ukrainian-aligned), highlighting overlaps between hacktivism and state-sponsored cyber activities.
  
  

  ---

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Books:

• Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg

Links and Resources:

• https://cybershafarat.com/2023/10/09/lab-dookhtegan-supports-us-against-hamas-hezbollah/

  https://www.rferl.org/a/farda-briefing-iran-water-crisis-israel-help/33503264.html

  https://www.wired.com/story/iran-hackers-oilrig-read-my-lips/

  https://securityaffairs.com/117506/apt/iran-state-sponsored-ransomware.html

  https://flashpoint.io/blog/second-iranian-ransomware-operation-project-signal-emerges/

  https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdf

  https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdf

  https://blog.sekoia.io/iran-cyber-threat-overview/

  https://x.com/LabDookhtegan2/status/1754860930599403851

  https://x.com/LabDookhtegan2/status/1737531151424565421

  https://x.com/LabDookhtegan2/status/1734144401687842971

  https://x.com/LabDookhtegan2/status/1757333667242770769

  https://home.treasury.gov/news/press-releases/jy2072

  https://x.com/LabDookhtegan2/status/1767939764966047877

  https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/

  https://x.com/LabDookhtegan2/status/1824131756884365386

  https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf

  https://cybershafarat.com/2021/11/26/lab-dookhtegan-the-regime-and-me-we-aint-mates-huge-data-reveal/

  https://cydome.io/lab-dookhtegan-cyberattack-second-wave-findings-aug-2025/

  https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm

  https://cloud.google.com/blog/topics/threat-intelligence/gru-rise-telegram-minions

  https://en.wikipedia.org/wiki/Killnet

  https://therecord.media/russian-hacker-group-killnet-returns-with-new-identity

  https://cydome.io/lab-dookhtegan-cyber-attack-on-iranian-oil-tankers-disrupts-operations/

  https://blog.narimangharib.com/posts/2025%2F08%2F1755854831605?lang=en

  https://en.wikipedia.org/wiki/LulzSec
  https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/
  https://go.recordedfuture.com/hubfs/reports/cta-2024-0125.pdf
  https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/
  https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdf
  https://home.treasury.gov/news/press-releases/jy2072
  https://en.wikipedia.org/wiki/March%E2%80%93May_2025_United_States_attacks_in_Yemen
  https://cybershafarat.com/2024/11/01/the-attempt-of-shahid-shushtri-also-known-as-emennet-pasargad-a-cyber-group-affiliated-with-the-islamic-revolutionary-guard-corps-to-interfere-in-the-upcoming-american-elections-iran-internatio/
  

  
  

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Key Topics:

• US-Iran Historical Tensions

• Iran’s Demographics & Strategy

• Nuclear Program & 2025 Strikes

• Proxy Networks (Axis of Resistance)

• Iranian Cyber Threat Actors
  
  

  ---

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Books:

• Stuxnet and the Launch of the World’s First Digital Weapon Countdown to Zero Day - Kim Zetter

• Iran’s Perilous Pursuit of Nuclear Weapons — David Albright & Sarah Burkhard

• From Intel to Iran: The Defection of Monica Witt — Borna Ahadi

Links and Resources:

• https://en.wikipedia.org/wiki/Judicial_system_of_the_Islamic_Republic_of_Iran

• https://attack.mitre.org/groups/G0069/

• https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming

• https://cloud.google.com/security/resources/insights/apt-groups#global-threats-iran

• https://en.wikipedia.org/wiki/Shamoon

• https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-055a

• https://cyberscoop.com/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims/

• https://iapp.org/news/b/black-shadow-hackers-re-emerge-with-second-israeli-breach

• https://www.securiwiser.com/news/black-shadow-hits-cyberserve-and-lgbtq-dating-app-client/

• https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations

• https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation

• https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks

• https://www.mei.edu/publications/iranian-apts-overview

• https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises

• https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents

• https://darknetdiaries.com/transcript/30/

• https://risky.biz/why-iran-is-a-scaredy-cat-cyber-chicken/

• https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-releases-cybersecurity-advisory-on-previously-undisclosed-iranian-malware-used-to-monitor-dissidents-and-travel-and-telecommunications-companies

• https://home.treasury.gov/news/press-releases/sm1127

• https://mjolnirsecurity.com/the-asymmetric-battlefield-an-anthropological-and-geopolitical-analysis-of-iranian-cyber-threats-to-north-american-critical-infrastructure/

• https://cloud.google.com/blog/topics/threat-intelligence/apt33-insights-into-iranian-cyber-espionage

• https://www.picussecurity.com/resource/blog/understanding-active-iranian-apt-groups

• https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025

• https://www.mei.edu/publications/iranian-apts-overview

• https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks

• https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation

• https://www.darkreading.com/vulnerabilities-threats/anatomy-of-the-new-iranian-apt

• https://www.infopoint-security.de/medien/fireeye-operation-saffron-rose.pdf

• https://narimangharib.com/

• https://darknetdiaries.com/transcript/30/

• https://www.youtube.com/playlist?list=PLjiTz6DAEpuINUjE8zp5bAFAKtyGJvnew

• https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/

• https://cloud.google.com/blog/topics/threat-intelligence/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware

  
  

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://github.com/demining/Physical-Bitcoin-Attacks

• https://www.raicescyber.org/

• https://www.wsj.com/us-news/second-suspect-surrenders-in-alleged-new-york-crypto-kidnapping-case-103e06c6

• https://www.wsj.com/video/botched-kidnapping-attempt-in-paris-as-criminals-target-crypto-wealth/9E10C74A-5158-49AF-B625-4ABA5EDC5B6E

• https://www.abc.net.au/news/2024-01-23/australian-government-sanctions-russian-over-medibank-data-leak/103377976

• https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a

• https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36

• https://academy.intel-ops.io/courses/hunting-adversary-infra

• https://web.archive.org/web/20201206081245/https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/psychology-of-intelligence-analysis/PsychofIntelNew.pdf

• https://irp.fas.org/doddir/army/

• https://irp.fas.org/doddir/army/gta33_01_006.pdf

• Host: Josh Stepp

• Produced by: Josh Stepp

• Guest: David Sanchez

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

In this informal mini-episode, Josh Stepp delves into two AI-related topics. First, he explores the "Vending Bench" research paper, which tests the long-term coherence of LLM-based agents running a vending machine business, revealing high variance in performance, with top models like Claude 3.5 Sonnet and OpenAI's O3 Mini outperforming humans but occasionally spiraling into chaotic behaviors like spamming the FBI over minor issues. Then, Josh reacts to a Pentest Partners blog post about exploiting SharePoint via Microsoft's CoPilot, highlighting how attackers can bypass access controls and forensic tracking to mine sensitive data

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://arxiv.org/pdf/2502.15840

• https://andonlabs.com/

• https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Subscribe now

Main Topics Discussed

• Polyfill.io Attack Overview

• Timeline of Events

• Malware Mechanics

• Open-Source Vulnerabilities

• Implications and Solutions

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://blog.qualys.com/vulnerabilities-threat-research/2024/06/28/polyfill-io-supply-chain-attack

• https://cside.dev/blog/the-polyfill-attack-explained

• https://therecord.media/polyfill-cloudflare-trade-barbs-supply-chain-attack

• https://news.ycombinator.com/item?id=40792136

• https://news.ycombinator.com/item?id=40804254

• https://risky.biz/RB755/

• https://web.archive.org/web/20230505112634/https://polyfill.io/v3/ownership-transfer

• https://web.archive.org/web/20230601214142/https://jakechampion.name/

• https://web.archive.org/web/20231011015804/https://polyfill.io/

• https://web.archive.org/web/20231101040617/https://polyfill.io/

• https://github.com/polyfillpolyfill/polyfill-service/commit/5f4fc040e09436371f70ffcebe47ca0e3cdccac0

• https://github.com/polyfillpolyfill/polyfill-service/commit/aa261a834b36131e8dbd20d725c6b5d773f736d9

• https://github.com/polyfillpolyfill/polyfill-service/issues/2892

• https://sansec.io/research/polyfill-supply-chain-attack

• https://www.theregister.com/2025/05/06/from_russia_with_doubt_go/

• https://huntedlabs.com/the-russian-open-source-project-that-we-cant-live-without/

• https://x.com/weirddalle/status/1922396432977346973

• https://www.berkshirehathaway.com/

• https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk/

• https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet/

  ---

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Step back into the late 1980s and early 1990s in Sofia, Bulgaria, a nation transitioning from communism and becoming an unexpected epicenter for early computer virus creation. This episode delves into the story of Vesselin Bontchev, a young researcher studying the nascent threat of computer viruses, and the emergence of the notorious virus writer known only as "Dark Avenger". Explore the destructive nature of early viruses like "Eddie" and the escalating rivalry between Bontchev, who sought to counter the viral threat, and Dark Avenger, who released increasingly malicious code and even targeted Bontchev directly. Discover how American Sarah Gordon stumbled into this world, her interactions with Dark Avenger, and the creation of the revolutionary, dangerous Mutation Engine (MtE). We'll also examine the unique socio-economic conditions in Bulgaria that fostered this "Virus Factory," including a surplus of skilled tech enthusiasts with limited opportunities and widespread software piracy.

Subscribe now

Main Topics Discussed

• The Bulgarian Virus Scene: The episode explores how Bulgaria, particularly Sofia, became a surprising hub for computer virus creation in the late 80s and early 90s, coinciding with the country's political and economic transition.

• Vesselin Bontchev vs. Dark Avenger: A central theme is the rivalry between Vesselin Bontchev, an anti-virus researcher, and the prolific, malicious virus writer known as Dark Avenger. This includes Dark Avenger's increasingly sophisticated viruses (like Eddie and Nomenklatura), his targeting of Bontchev and others, and Bontchev's efforts to analyze and combat the viruses.

• Sarah Gordon and the Mutation Engine (MtE): The story of Sarah Gordon, an American who became fascinated with the Bulgarian virus scene and interacted with Dark Avenger. This interaction led to Dark Avenger creating the groundbreaking and dangerous Mutation Engine (MtE), a tool allowing viruses to constantly change their code to evade detection.

• Psychology and Sociology of Virus Writing: The episode touches upon the motivations behind virus creation, including seeking fame, rebellion against authority, socio-economic factors like lack of opportunity and widespread software piracy in Bulgaria, and Sarah Gordon's research into the mindset of virus writers.

• Early Computer Viruses and Anti-Virus Efforts: The discussion covers the nature and mechanics of early computer viruses (e.g., infecting .com/.exe files, corrupting disk sectors, targeting the FAT) and the nascent anti-virus techniques and communities forming to combat them (like CARO and FidoNet).

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://bontchev.nlcv.bas.bg/papers/factory.html#The%20Dark%20Avenger

• https://www.f-secure.com/v-descs/eddie.shtml

• https://www.theguardian.com/news/2023/may/09/on-the-trail-of-the-dark-avenger-the-most-dangerous-virus-writer-in-the-world

• https://en.wikipedia.org/wiki/Sarah_Gordon_(computer_scientist)

• Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

• https://(.)youtu.be/1iq9w5Tn_DQ

• https://(.)www.youtube.com/watch?v=NtJ0CQ7K6_4&ab_channel=DEFCONConference

  ---

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!

Dive into the complex world of cybersecurity and geopolitics with this addendum episode of Intrusions in Depth, hosted by Josh Stapp. Expanding on the Salt Typhoon episode, this podcast explores China's strategic cyber operations, global ambitions, and the evolving nature of modern warfare. From hacking tactics to pursuing economic and military dominance. Learn how groups like Salt Typhoon fit into China's broader geopolitical goals.

Main Topics Discussed:

1. China’s Strategic Goals and the "China Dream": Examines Xi Jinping’s vision for China’s rejuvenation, aiming for economic prosperity, technological leadership, and military strength by 2049, with initiatives like Made in China 2025 and the Belt and Road Initiative.

2. Evolution of Warfare and Unrestricted Warfare Doctrine: Analyzes how China’s approach to warfare, inspired by the 1999 book Unrestricted Warfare, blends cyber, economic, and psychological tactics to exploit vulnerabilities, contrasting with Western military strategies.

3. The AI Race and Technological Competition: Explores the U.S.-China race for AI dominance, highlighting differences in innovation styles, data privacy approaches, and the role of AI as a force multiplier in modern conflicts.

4. Soft Power and Global Influence: Discusses China’s soft power strategies, including cultural exports like Confucius Institutes, economic diplomacy via the Belt and Road Initiative, and narrative control to shape global perceptions.

5. Deterrence and Defense Against Cyber Threats: Proposes solutions to counter groups like Salt Typhoon, weighing the challenges of bolstering cyber defenses and imposing economic or diplomatic costs on adversaries without escalating conflicts.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

TheSequence

The Sequence Opinion #489: CRAZY: How DeepSeek R1 Bypassed CUDA with Lower-Level GPU Optimization Techniques

A lot has been written about DeepSeek R1 and its clever innvoations over the last few weeks. However, one of the aspects that hasn’t received a lot of attention has been their work on GPU level optimizations. It makes sense that DeepSeek has to do some work in that are considering some of the reported GPU constraints they were dealing with but when I read about this in the technical report I thought it was a mistake. The level of optimization is insane to the point of bypassing NVIDIA’s CUDA altogether and leverage PTX programming, utilize NCCL for communication efficiency, and adopt other advanced techniques…

Read more

a year ago · 19 likes · 1 comment · Jesus Rodriguez

• https://fs.blog/bias-conjunction-fallacy/

• https://en.wikipedia.org/wiki/Torrijos%E2%80%93Carter_Treaties

• https://en.wikipedia.org/wiki/Operation_Fox_Hunt

• https://en.wikipedia.org/wiki/Chinese_intelligence_activity_abroad

• https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/

• https://www.propublica.org/article/operation-fox-hunt-how-china-exports-repression-using-a-network-of-spies-hidden-in-plain-sight

• https://foreignpolicy.com/2018/10/11/if-the-u-s-doesnt-control-corporate-power-china-will/

• https://www.fbi.gov/news/speeches/the-threat-posed-by-the-chinese-government-and-the-chinese-communist-party-to-the-economic-and-national-security-of-the-united-states

• https://en.wikipedia.org/wiki/Alberto_Fujimori

• https://en.wikipedia.org/wiki/Ferdinand_Marcos

• https://foreignpolicy.com/2025/01/07/china-salt-typhoon-hack-threat-panic-washington/

• https://scholarworks.uvm.edu/cgi/viewcontent.cgi?article=1440&context=hcoltheses

• https://luluyan.medium.com/deepseeks-prompt-engineering-secret-there-is-no-secret-8107b14e1e56

• https://www.vellum.ai/blog/the-training-of-deepseek-r1-and-ways-to-use-it

• https://www.techtarget.com/whatis/feature/DeepSeek-explained-Everything-you-need-to-know

• https://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women

• https://www.cfr.org/backgrounder/made-china-2025-threat-global-trade

• https://apt.etda.or.th/cgi-bin/showcard.cgi?g=APT%2031%2C%20Judgment%20Panda%2C%20Zirconium&n=1

• https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/

• https://breakingdefense.com/2021/09/chinas-new-data-security-law-will-provide-it-early-notice-of-exploitable-zero-days/

• https://en.wikipedia.org/wiki/Made_in_China_2025

• https://en.wikipedia.org/wiki/Century_of_humiliation

Books:

• Mindf*ck: Cambridge Analytica and the Plot to Break America

  by Christopher Wylie

• Targeted: My Inside Story of Cambridge Analytica and How Trump and Facebook Broke Democracy by Brittany Kaiser

• Unrestricted Warfare: China's Master Plan to Destroy America

  by Qiao Liang, Wang Xiangsui

• Principles for Dealing with the Changing World Order: Why Nations Succeed and Fail by Ray Dalio
  

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

This episode of The IntrusionsinDepth Podcast released on March 15, 2025, explores the Chinese hacking group Salt Typhoon, a sophisticated cyber-espionage outfit linked to the Ministry of State Security that infiltrated nine U.S. telecom companies and the Treasury by exploiting vulnerabilities in Cisco and BeyondTrust systems. The host traces the group’s evolution from its broad 2019 attacks on Southeast Asia to its refined 2023-2025 campaigns, wielding custom malware like Ghost Spider to steal sensitive data from telecoms, governments, and tech sectors worldwide. With aliases like Ghost Emperor and UNC2286, Salt Typhoon’s history builds on decades of Chinese cyber operations—shifting from the PLA’s early economic theft to the MSS’s strategic espionage—culminating in recent breaches exposing D.C.-area VIP calls and unclassified Treasury documents. The U.S. response of symbolic sanctions on a Chinese firm and an MSS-affiliated hacker underscores the ongoing challenges with groups like this.

Main Topics Discussed:

1. Who is Salt Typhoon?

• Known by aliases like Ghost Emperor and UNC2286, they’ve been active since 2019, tied to China’s MSS.

• Targets include telecoms, governments, and tech globally, with a focus on espionage.

2. History of Chinese Cyber Attacks

• Early attacks (2003-2010s) by the PLA stole tech secrets, like Operation Aurora against Google.

• Modern APTs like Salt Typhoon showing more refined, widespread operations.

3. Salt Typhoon’s Campaigns

• Early hits (2019-2022) targeted Southeast Asia; later ones (2023-2025) hit U.S. telecoms and Treasury.

• Malware like Ghost Spider evolved, using clever tricks to stay hidden and adaptable.

4. U.S. Attacks & Response

• Recent breaches exposed D.C.-area VIP calls and Treasury data via Cisco and BeyondTrust flaws.

• U.S. countered with symbolic sanctions on a Chinese firm and hacker, Yin Jinping, but the threat persists.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://blog.polyswarm.io/salt-typhoon-targets-telecoms-with-ghostspider?

• https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-security-fbi-chinese-hackers-security-encryption

• https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf

• https://techcrunch.com/2024/10/13/meet-the-chinese-typhoon-hackers-preparing-for-war/

• https://mashable.com/article/salt-typhoon-breach-att-verizon-clear

• https://techcrunch.com/2024/12/04/fbi-recommends-encrypted-messaging-apps-combat-chinese-hackers/

• https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/

• https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b

• https://www.reuters.com/technology/cybersecurity/us-adds-9th-telcom-list-companies-hacked-by-chinese-backed-salt-typhoon-2024-12-27/

• https://therecord.media/nine-us-companies-hacked-salt-typhoon-china-espionage

• https://en.wikipedia.org/wiki/Ministry_of_State_Security_(China)

• https://en.wikipedia.org/wiki/2010%E2%80%932012_killing_of_CIA_sources_in_China?

• https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/

• https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including

• https://cloud.google.com/blog/topics/threat-intelligence/chinese-espionage-tactics/

• https://www.fbi.gov/news/stories/chinese-hackers-charged-in-equifax-breach-021020

• https://en.wikipedia.org/wiki/Operation_Fox_Hunt

• https://en.wikipedia.org/wiki/Salt_Typhoon

• https://www.theguardian.com/us-news/2021/oct/27/us-bans-china-telecom-from-operating-over-national-security-concerns

• https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince

• https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/analyzing-salt-typhoon-telecom-attacker/

• https://www.crowdstrike.com/en-us/blog/an-analysis-of-lightbasin-telecommunications-attacks/

• https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/

• https://www.darkreading.com/data-privacy/chinese-apt-backdoor-found-in-ccleaner-supply-chain-attack

• https://news.sky.com/story/obama-tells-china-president-hacking-must-stop-10345126

• https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

• https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf

• https://en.wikipedia.org/wiki/PLA_Unit_61398

• https://en.wikipedia.org/wiki/Titan_Rain

• https://www.csis.org/programs/strategic-technologies-program/survey-chinese-espionage-united-states-2000

• https://www.nytimes.com/2024/12/16/us/politics/biden-administration-retaliation-china-hack.html

• https://github.com/shadow1ng/fscan/blob/main/README_EN.md

• https://github.com/sensepost/reGeorg

• https://www.cisa.gov/sites/default/files/2024-05/MAR-10448362.c1.v2.CLEAR_.pdf

• https://proxylogon.com/

• https://www.picussecurity.com/resource/blog/salt-typhoon-removing-chinese-telecom-equipment

• https://threatpost.com/famoussparrow-spy-hotels-governments/174948/

• https://www.ncsc.gov.uk/files/NCSC-MAR-SparrowDoor.pdf

• https://www.trendmicro.com/en_us/research/24/k/earth-estries.html

• https://cyberscoop.com/suspected-chinese-hackers-took-advantage-of-microsoft-exchange-vulnerability-to-steal-call-records/

• https://portswigger.net/daily-swig/a-whole-new-attack-surface-researcher-orange-tsai-documents-proxylogon-exploits-against-microsoft-exchange-server

• https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/

• https://cyberscoop.com/famoussparrow-eset-microsoft-exchange-proxylogon/

• https://www.c4isrnet.com/cyber/2024/04/10/secretive-us-cyber-force-deployed-22-times-to-aid-foreign-governments/

• https://www.meritalk.com/articles/report-salt-typhoon-using-backdoor-malware-tactics/

• https://www.wsj.com/politics/national-security/u-s-officials-race-to-understand-severity-of-chinas-salt-typhoon-hacks-6e7c3951

• https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/

• https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html

• https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html

• https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation

• https://www.trendmicro.com/en_us/research/24/k/earth-estries.html

• https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

• https://cyberscoop.com/chinese-hack-nsa-tool-check-point/

• https://teamwin.in/index.php/2025/02/15/redmike-hackers-exploited-1000-cisco-devices-to-gain-admin-access/

• https://cloud.google.com/blog/topics/threat-intelligence/barracuda-esg-exploited-globally

• https://cyberscoop.com/treasury-sanctions-chinese-cybersecurity-company-salt-typhoon-hacks/

• https://www.techtarget.com/searchsecurity/news/366617509/Treasury-Department-breached-through-BeyondTrust-service

• https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/

• https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/

• https://www.reuters.com/technology/cybersecurity/us-treasury-dept-issues-sanctions-related-salt-typhoon-hack-2025-01-17/

• https://www.wired.com/story/us-names-one-of-the-hackers-allegedly-behind-massive-salt-typhoon-breaches/

• https://www.recordedfuture.com/research/redmike-salt-typhoon-exploits-vulnerable-devices

• https://risky.biz/BTN106/

• https://en.wikipedia.org/wiki/Salt_Typhoon

• https://jsac.jpcert.or.jp/archive/2025/pdf/JSAC2025_1_5_leon-chang_theo-chen_en.pdf

• https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming

• https://nvd.nist.gov/vuln/detail/cve-2023-2868

• https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom/

• https://malpedia.caad.fkie.fraunhofer.de/actor/ghostemperor

• https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/

• https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/

• https://blog.talosintelligence.com/salt-typhoon-analysis/

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth Podcast. Stay informed, stay safe, and see you in the next episode!

Welcome to the first Ask Me Anything (AMA) episode of The Intrusions in Depth Podcast! Host Josh Stepp takes a break from scripting his next deep-dive episode to answer listener questions in an unscripted, off-the-cuff format. To kick off this new series, Josh tackles a listener's question about the TikTok ban, its national security implications, and President Trump’s decision to delay enforcement for 75 days. 

What starts as a straightforward discussion spirals into a multi-faceted analysis—covering creators, consumers, legal ambiguities, historical precedents, and even a bit of conspiracy theorizing. From Romanian election recalls to the potential for government ownership of social media, Josh explores the messy intersection of technology, democracy, and geopolitics. Whether you’re a TikTok skeptic or a free-speech advocate, this episode offers plenty to chew on.

Joining the mailing list to participate:

Main Topics Discussed

1. The TikTok Ban Overview

   • Listener question: Thoughts on the TikTok ban, national security allegations, and Trump’s 75-day enforcement delay.

   • Josh’s approach: Analyzing the issue through multiple lenses—creators, consumers, the platform itself, legal precedent, and conspiracy angles.

2. Creators and Consumers

   • Sympathy for creators who rely on TikTok for livelihoods, especially those with limited job prospects (e.g., ex-felons, mental health challenges).

   • Counterpoint: National security may outweigh individual needs; alternative platforms (YouTube Shorts, Instagram Reels, etc.) exist for diversification.

   • Audience perspective: Claims of First Amendment violations are weak—governments already limit speech for security (e.g., classification).

3. National Security and Precedents

   • Historical examples: FDR’s Office of Censorship post-Pearl Harbor, Trump’s WeChat ban, and Russia’s Sputnik/RT restrictions.

   • TikTok concerns: Data harvesting by China, potential influence ops, and speculative backdoor risks (e.g., Pegasus-style exploits).

   • Comparison: U.S. tech giants (Meta, Google, X) could pose similar risks—why single out TikTok?

4. The Law Itself

   • Critique of the TikTok ban legislation: Vague terms (“foreign adversary,” “significant threat”) invite abuse.

   • Hypothetical misuse: Could target platforms like X if tied to foreign influence (e.g., Musk’s China ties).

   • Suggestion: Write clearer laws (e.g., ban data transmission to China) rather than broad, ambiguous bans.

5. Romanian Election Recall (2024)

   • Context: Far-right candidate’s lead annulled due to alleged TikTok interference (possibly Russian-linked).

   • Pro-recall: Evidence of coordinated campaigns; protects electoral integrity.

   • Anti-recall: Evidence is circumstantial; risks censorship and voter agency.

   • Broader issue: Balancing tech, democracy, and free speech in the digital age.

6. Conspiracy Time

   • Theories debunked: TikTok moving servers to Meta during a blackout—impractical for modern apps.

   • Speculation: Congress’s shift possibly due to classified briefings (e.g., NSA findings).

   • Trump’s reversal: Political strategy, donor influence (Jeff Yass), or a deal-making play for U.S. ownership.

7. Trump’s 75-Day Delay and Future Outlook

   • Possible motives: Appealing to young voters, donor pressure, or negotiating U.S. stakes in TikTok.

   • Innovative idea: Government ownership of tech stakes (e.g., Alaska’s oil fund model) to benefit taxpayers.

   • Prediction: Ban likely upheld, but TikTok persists under U.S. ownership (e.g., Oracle, Musk).

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• http(s)://www.youtube.com/watch?v=e1pTCSFrkbk&ab_channel=All-InPodcast

• https://en.wikipedia.org/wiki/Office_of_Censorship

• https://newsroom.tiktok.com/en-eu/continuing-to-protect-the-integrity-of-tiktok-during-romanian-elections

• https://www.bbc.com/news/articles/cm2v13nz202o

• https://x.com/mtaibbi/status/1865269938597879902

• https://x.com/mtracey/status/1865097680805839008

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions inDepth. Stay informed, stay safe, and see you in the next episode!

Intrusions and Depth welcomes its first-ever guest, John Prieto, a cybersecurity professional with experience at CrowdStrike, Mandiant, USAA, and the U.S. Air Force. Together, they dissect the chaotic rise and fall of the Lapsus$ hacking group—a crew of teenagers who turned the cybersecurity world upside down with brazen attacks on tech giants like Microsoft, Nvidia, and Rockstar Games.

Josh and John explore how Lapsus$ used social engineering, MFA fatigue, and even taunted their victims on social media, all while making rookie mistakes that led to their downfall. They also dive into the murky world of ransomware crews, the evolution of financially motivated cybercrime, and the blurred lines between threat actor clustering and sanctions.

Main Topics Discussed:

1. Lapsus$: The Chaotic Rise & Brazen Attacks

   • How a group of teenagers breached top corporations using unsophisticated yet highly effective tactics.

   • Their public Telegram channel, taunts, and lack of operational security (OPSEC).

2. Incident Response & Attribution Challenges

   • John shares behind-the-scenes insights from responding to Lapsus$ intrusions.

   • How security firms track threat actors despite constantly changing tactics and naming conventions.

3. The Immature Yet Dangerous Nature of APT Teens

   • Comparing Lapsus$ to professional ransomware gangs—why their unpredictability made them so dangerous.

   • The business dynamics of Ransomware as a Service.

4. The Future of Cybercrime & Security Lessons

   • The rising threat of hacktivist-style APT teens and their potential impact on infrastructure.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• htt(p)s://www.youtube.com/watch?ab_channel=NextGenHacker101

• https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf

• https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

  ---

Support the Podcast! USE MY LINKS!!

• deleteme.com promotional link

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

Episode Description:

In this episode of Intrusions InDepth, Josh Stepp explores the fascinating world of psychological operations (PSYOPs) and information warfare. Using a recent 60 Minutes interview about alleged Mossad operations against Hezbollah as a case study, Josh delves into the tactics, ethics, and impact of these covert influence campaigns while analyzing the interview itself as a PsyOp, highlighting the power of narrative control and perception manipulation in modern conflicts.

Topics Discussed:

• PsyOp Fundamentals: An overview of PsyOp, their purpose, and applications in various contexts.

• The Pager and Walkie Talkie Attacks: A detailed account of the alleged Mossad operation, including the meticulous planning, device modification, and execution of the attacks on Hezbollah.

• The 60 Minutes Interview as a PsyOp: An analysis of the interview itself as a strategic tool for information warfare, shaping perceptions, and influencing adversaries.

• Open Source Intelligence (OSINT) Analysis: A demonstration of OSINT analysis techniques using the 60 Minutes interview as an example, evaluating source credibility and identifying potential motives behind the information.

• The Ethics and Effectiveness of PSYOPs: A discussion on the ethical considerations surrounding PSYOPs and their effectiveness in achieving long-term strategic goals.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://www.cbsnews.com/news/israeli-mossad-pager-walkie-talkie-hezbollah-plot-60-minutes/

• https://irp.fas.org/doddir/army/atp2-22-9.pdf

• https://www.bunniestudios.com/blog/2024/turning-everyday-gadgets-into-bombs-is-a-bad-idea/

• https://www.reuters.com/world/middle-east/irans-ambassador-lebanon-injured-by-pager-explosion-2024-09-17/

• By Way of Deception by Victor Ostrovsky & Claire Hoy

• https://en.wikipedia.org/wiki/Calls_for_the_destruction_of_Israel

• https://www(.)youtube(.)com/watch?v=FLUUUZWjfGk&t=1s&pp=ygURNjAgbWludXRlcyBtb3NzYWQ%3D

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

In this episode of Intrusions and Depth, Josh Stepp unpacks the audacious rise and chaotic downfall of the Lapsus$ hacking collective. Known for targeting some of the biggest names in technology, including Microsoft, Nvidia, and Rockstar Games, this group rewrote the playbook on cybercrime with tactics as unconventional as their teenage leadership. From SIM-swapping and MFA fatigue attacks to social engineering and public Telegram boasts, Josh examines how Lapsus$ exposed glaring vulnerabilities in global cybersecurity defenses while raising ethical questions about balancing punishment and rehabilitation for young offenders.

Main Topics Discussed:

1. The Rise of Lapsus$

   • Lapsus$ emerged in 2021 as a flamboyant hacking group known for bold, public-facing tactics, including defacing websites and leaking sensitive corporate data.

   • Their attacks included high-profile breaches at companies like Microsoft, Nvidia, Uber, and Rockstar Games.

2. Methods and Tactics

   • Lapsus$ favored social engineering over sophisticated exploits, using techniques like SIM-swapping, MFA fatigue, and exploiting support team access to gain entry.

   • A notable hallmark was their public taunting of victims and recruitment via Telegram.

3. High-Profile Breaches

   • Nvidia: Demanded removal of the cryptocurrency mining limiter from GPUs, escalating into a public back-and-forth.

   • Microsoft: Compromised 37GB of source code for Bing and other internal projects.

   • Rockstar Games: Leaked early footage of Grand Theft Auto VI, sparking fan outrage and security debates.

4. The Downfall

   • Arrests in 2022 and 2023 revealed the group’s youthful composition, with some members as young as 16.

   • The sentencing of leader Arion Kurtaj to indefinite detention highlighted the intersection of cybercrime and mental health issues.

5. Lessons for Cybersecurity

   • Reflections on how Lapsus$ forced global organizations to rethink their reliance on MFA and social engineering defenses.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://www.bbc.com/news/technology-66549159

• https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf

• https://www.reuters.com/world/americas/bolsonaro-dismisses-vaccination-requirement-entry-into-brazil-2021-12-07/

• https://www.reuters.com/technology/brazils-health-ministry-website-hit-by-hacker-attack-systems-down-2021-12-10/

• https://www.zdnet.com/article/brazilian-ministry-of-health-suffers-cyberattack-and-covid-19-vaccination-data-vanishes/

• https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

• https://blog.checkpoint.com/security/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected/

• https://malpedia.caad.fkie.fraunhofer.de/actor/lapsus

• https://www.aha.org/system/files/media/file/2022/04/hc3-tlp-white-threat-briefing-lapsus%24-okta-and-the-health-sector-4-7-22.pdf

• https://techcommunity.microsoft.com/discussions/securityandcompliance/new-blog-post--dev-0537-criminal-actor-targeting-organizations-for-data-exfiltra/3264957

• https://en.wikipedia.org/wiki/Samy_Kamkar

• https://krebsonsecurity.com/2022/04/the-original-apt-advanced-persistent-teenagers/

• https://unit42.paloaltonetworks.com/lapsus-group/

• https://x.com/vxunderground/status/1506114493067186183/photo/4

• https://www.darkreading.com/cyberattacks-data-breaches/ransomware-group-s-claim-that-it-hacked-okta-prompts-concerns-of-another-solarwinds

• https://www.law.cornell.edu/wex/chevron_deference

• https://www.zscaler.com/blogs/product-insights/what-you-need-know-about-lapsus-supply-chain-attacks

• https://www.uber.com/newsroom/security-update

• https://blog.avast.com/nvidia-allegedly-hacks-back-avast

• https://www.crn.com/news/security/nvidia-hacks-ransomware-gang-back-to-block-data-leaks-group-claims?

• https://www.spiceworks.com/it-security/data-security/news/nvidia-data-breach-lapsus/

• https://www.threatdown.com/blog/nvidia-the-ransomware-breach-with-some-plot-twists/

• https://www.wired.com/story/lapsus-hacking-group-extortion-nvidia-samsung/

• https://www.optimumsr.co.uk/anniversary-of-the-lapsus-hack-on-rockstar-what-have-we-learned/

• https://www.bleepingcomputer.com/news/security/e-commerce-giant-mercado-libre-confirms-source-code-data-breach/

• https://www.bleepingcomputer.com/news/security/samsung-confirms-hackers-stole-galaxy-devices-source-code/

• https://www.bleepingcomputer.com/news/security/nvidia-data-breach-exposed-credentials-of-over-71-000-employees/

• https://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/

• https://therecord.media/rockstar-confirms-cyberattack-leak-of-confidential-data-including-gta-6-footage

• https://therecord.media/british-prosecutors-accuse-teen-lapsus-member-of-uber-revolut-rockstar-hacks

• https://flashpoint.io/blog/lapsus/

• https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/

• https://www.aha.org/system/files/media/file/2022/04/hc3-tlp-white-threat-briefing-lapsus%24-okta-and-the-health-sector-4-7-22.pdf

• https://x.com/davidmarcus/status/1862867849988944361

• https://www.businessinsider.com/meta-libra-crypto-project-regulators-david-marcus-2024-12

• https://archive.is/xGIdu

• https://www.sophos.com/en-us/content/pacific-rim

• https://www.brennancenter.org/our-work/analysis-opinion/house-passes-section-702-reauthorization-bill-without-protections-against

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

Josh shares both the report highlights and his reflections on how these trends reshape the cybersecurity landscape, especially in light of ongoing geopolitical tensions.

Topics Discussed:

1. Blurred Lines Between Nation-State and Cybercriminal Activities

   How state-sponsored actors, including those from North Korea and Iran, increasingly adopt criminal tactics for financial gain, with North Korea using cybercrime to fund its nuclear and missile programs.

2. Generative AI and Its Role in Cyber Threats

   A deep dive into the uses of generative AI by both defenders and attackers, including the development of sophisticated phishing scams, influence operations, and automated malware production.

3. Commodity Malware and Open-Source Tools

   The use of off-the-shelf hacking tools like Cobalt Strike and Sliver, which simplify cyber operations for threat actors. Josh explores how these tools blur the line between advanced and lower-skill attacks.

4. Social Engineering and AI-Powered Phishing

   Insights from the reports show how generative AI enables more tailored and realistic phishing campaigns, amplifying the effectiveness of social engineering at scale.

5. State-Backed Influence Operations via AI

   Case studies of AI-driven influence campaigns, including Russia’s deepfake audio tactics in Slovakia and China’s misinformation campaigns, demonstrate AI’s role in sowing discord and manipulating public perception globally.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://www.elastic.co/resources/security/report/global-threat-report

• https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024

• https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse

• https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine

• https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver

• https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/

• https://attack.mitre.org/groups/G0138/

• https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming

• https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/

• https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-048a

• https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises

• https://www.reuters.com/world/us/accused-iranian-hackers-successfully-peddle-stolen-trump-emails-2024-10-25/

• https://www.reuters.com/world/us-issues-iran-related-sanctions-over-election-interference-2024-09-27/

• https://www.npr.org/2023/09/28/1202110410/how-rumors-and-conspiracy-theories-got-in-the-way-of-mauis-fire-recovery

• https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html

• https://securityintelligence.com/articles/malicious-ai-worm-targeting-generative-ai/

• https://cert.gov.ua/article/6278521

• https://cloud.google.com/blog/topics/threat-intelligence/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

Main Topics Discussed:

1. The Compromise of the D-30 Howitzer App

   • The episode kicks off with a discussion on the Ukrainian artillery officer Yaroslav Sherstuk’s development of the Correction-D30 app, which sped up artillery targeting. Fancy Bear, a Russian cyber espionage group, inserted X-Agent malware into a trojanized version of the app, leading to devastating consequences for Ukrainian artillery.

2. Understanding the D-30 Howitzer

   • Josh explains the technical aspects of the D-30 Howitzer, a Soviet-designed 122mm artillery piece, and how the Correction-D30 app was designed to speed up targeting calculations, increasing efficiency and accuracy in battle.

3. Fancy Bear and the X-Agent Malware

   • The episode provides an in-depth analysis of Fancy Bear’s use of the X-Agent malware in compromising the app. This includes a technical breakdown of how the malware worked, including its reconnaissance capabilities, use of Android’s built-in APIs, and its ability to collect sensitive data from infected devices.

4. Impact of the Malware on Ukrainian Forces

   • Josh examines how the malware allowed Russian forces to track Ukrainian artillery movements, leading to the loss of up to 20% of Ukraine’s D-30 Howitzers in combat. The discussion touches on the implications of this kind of cyber warfare for real-world military tactics.

5. Attribution Challenges

   • The episode delves into the complexities of attributing the attack to Fancy Bear, touching on the challenges of tracking malware use across different threat actors. Josh discusses how Crowdstrike and other security firms identified Fancy Bear’s involvement and the challenges of confirming attribution with certainty.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf

• https://web-assets.esetstatic.com/wls/2016/10/eset-sednit-part-2.pdf

• https://en.interfax.com.ua/news/general/395186.html

• https://blog.focal-point.com/focal-point-releases-malware-analysis-of-android-x-agent-implant

• https://www.scribd.com/document/468214030/X-Agent-Malware-Technical-Analysis-Focal-Point

• https://www.realclearinvestigations.com/articles/2020/05/13/hidden_over_2_years_dem_cyber-firms_sworn_testimony_it_had_no_proof_of_russian_hack_of_dnc_123596.html

• https://www.crowdstrike.com/en-us/blog/bears-midst-intrusion-democratic-national-committee/

• Change Agents - Dmitri Alperovitch

Books:

• Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

Josh also examines various conspiracy theories surrounding the hack, including speculation about Russian involvement and insider threats.

Main Topics:

1. The Sony Hack: Overview and Timeline

• Sony Pictures' preparation for The Interview, a comedy about the assassination of North Korea’s leader Kim Jong-un.

• Initial breach in September 2014 via phishing emails, followed by months of network snooping.

• November 2014: The attack escalates, wiping Sony’s systems and leaking sensitive data, including unreleased films and employee information.

2. North Korea’s Motives and Threats

• North Korea's public condemnation of The Interview as an act of war and terrorism through UN complaints.

• Connection to North Korean propaganda and the Kim regime’s intolerance for mockery in media.

• Analysis of North Korea's use of cinema for internal propaganda and their extreme reaction to the film.

3. Technical Breakdown of the Attack

• Discussion of the malware used: Destover, a wiper designed to erase Sony's files.

• FBI’s findings on how the malware operated, wiping systems and exfiltrating large amounts of data.

• Comparison to previous North Korean cyberattacks like the Dark Seoul and Shamoon campaigns.

4. Political Fallout and Obama’s Response

• President Obama's statement condemning the censorship attempt and Sony’s initial decision to pull the film.

• The FBI's conclusion that North Korea was responsible for the attack, despite some skepticism from the cybersecurity community.

• Analysis of Sony's defense and Obama’s commitment to respond to the attack.

5. Theories and Conspiracies: Was It Really North Korea?

• Speculation on Russian involvement and alternative theories involving disgruntled Sony employees.

• FBI's indictment of North Korean hacker Park Jin Hyok in 2018, tying him to the Sony hack and other cybercrimes.

• Discussion of whether the attack was a multi-party effort or framed to implicate North Korea.

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://www.vox.com/2015/1/20/18089084/sony-hack-north-korea

• https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and

• https://coverlink.com/case-study/sony-pictures-entertainment-hack/

• https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack

• https://apps.dtic.mil/sti/pdfs/AD1046744.pdf

• https://www.fbi.gov/news/press-releases/update-on-sony-investigation

• https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/the-hack-of-sony-pictures-what-you-need-to-know

• https://www.nccgroup.com/us/the-lazarus-group-north-korean-scourge-for-plus10-years/

• https://foreignpolicy.com/2018/04/11/north-korean-destructive-malware-is-back-says-dhs-report/

• https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_wipall.e

• https://www.securityweek.com/researchers-analyze-data-wiping-malware-used-sony-attack/

• https://www.scmagazine.com/news/analysis-of-wiper-malware-implicated-in-sony-breach-exposes-shamoon-style-attacks

• https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/NukeSped

• https://lamag.com/film/sony-hack

• https://www.hollywoodreporter.com/movies/movie-features/five-years-who-hacked-sony-1257591/

• https://www.darkreading.com/cyberattacks-data-breaches/report-russian-hacker-broke-into-sony-is-still-there

• https://www.kaspersky.com/blog/operation-blockbuster/11407/

• https://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727/

• https://www.bankinfosecurity.com/destover-taps-stolen-sony-certificate-a-7660

• https://securelist.com/destover/67985/

• https://securelist.com/shamoon-the-wiper-in-details/34369/

• https://www.bankinfosecurity.com/sony-hack-destover-malware-identified-a-7638

• https://www.darkreading.com/cyberattacks-data-breaches/sony-hackers-knew-details-of-sony-s-entire-it-infrastructure

• https://securityaffairs.com/42194/malware/destover-malware-analysis.html

• https://info.publicintelligence.net/FBI-KoreanMalware.pdf

• https://en.wikipedia.org/wiki/Park_Jin_Hyok

• https://www.nknews.org/2023/02/south-korea-issues-first-ever-cyber-sanctions-against-north-korea/

• https://mynorthkorea.blogspot.com/

• https://www.kaspersky.com/blog/operation-blockbuster/11407/

• https://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727/

• https://www.bankinfosecurity.com/destover-taps-stolen-sony-certificate-a-7660

• https://securelist.com/destover/67985/

• https://securelist.com/shamoon-the-wiper-in-details/34369/

• https://www.bankinfosecurity.com/sony-hack-destover-malware-identified-a-7638

• https://www.darkreading.com/cyberattacks-data-breaches/sony-hackers-knew-details-of-sony-s-entire-it-infrastructure

• https://securityaffairs.com/42194/malware/destover-malware-analysis.html

• https://info.publicintelligence.net/FBI-KoreanMalware.pdf

• https://www.lexology.com/library/detail.aspx?g=79955aa7-ed24-417a-8492-34a7af42daf7#:~:text=The%20Court%20rejected%20Capital%20One's,protected%20by%20attorney%2Dclient%20privilege.

• https://darknetdiaries.com/episode/147/

• https://www.kaspersky.com/blog/operation-blockbuster/11407/

Books:

• The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War by Geoff White

• In Order to Live: A North Korean Girl's Journey to Freedom by Yeomi Park

• The Girl with Seven Names: A North Korean Defector’s Story by Hyeonseo Lee

• Dear Reader: The Unauthorized Autobiography of Kim Jong Il by Michael Malice

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

Key Topics Discussed:

1. Defining Information Warfare

   • What is information warfare? Josh explains the definition, focusing on data collection, propaganda, and psychological warfare as non-physical tactics.

   • Reference to Wikipedia’s definition of information warfare, dissecting how it involves everything but direct, physical attacks.

2. Historical Comparisons

   • Josh compares ancient and historical military strategies, such as the Roman sieges, World War II bombings, and propaganda campaigns, to today's cyber tactics.

   • Examples from WWII, including British radio propaganda efforts against Nazi Germany, and the lessons learned from those operations.

3. Cyber Warfare Today

   • How cyber operations (like the CrowdStrike incident) are used in modern warfare, particularly in Ukraine and Russia, and the limitations of these efforts.

   • Real-world examples of Russian cyber operations and their effectiveness in current conflicts, emphasizing return on investment (ROI) and tactical advantages.

4. Propaganda and Psychological Operations

   • A discussion on the role of propaganda in undermining enemy morale, from ancient leaflets to modern social media disinformation campaigns.

   • Josh emphasizes the ethical considerations surrounding these tactics, and whether they violate the rules of war and international norms.

5. Impact of Social Media and Modern Technologies

   • How modern platforms like TikTok, deepfakes, and other technologies amplify the effects of information warfare.

   • Josh addresses the current debate on whether apps like TikTok are being used for state-sponsored influence operations and propaganda.

6. War Crimes and Civilian Targeting

   • Ethical concerns about targeting civilian infrastructure during conflicts, touching on debates about war crimes and dual-use facilities (e.g., water, power, and roads).

   • Discussion on proportionality and the Geneva Conventions in the context of modern and historical conflicts.

Takeaways:

• Information warfare is a broad, evolving concept that has roots in historical military strategies but is amplified in the digital age through cyber and social media platforms.

• Cyber warfare, while potentially disruptive, often serves as a complement to traditional military actions rather than as a standalone strategy.

• Propaganda and psychological operations continue to play a significant role in shaping public opinion and undermining the enemy’s morale, with ethical dilemmas still prevalent.

• Social media platforms and technologies like TikTok are potentially powerful tools in modern information warfare, with ongoing debates about their role in influencing public opinion.

Mentioned Resources:

• How to Win an Information War by Peter Pomerantsev

• Risky Business Podcast – Between Two Nerds

• Battle of Alesia

• Blitzed: Drugs in the Third Reich by Norman Ohler

Disclaimer:
The views expressed in this podcast are those of the host and do not reflect the official stance of any affiliated organizations. The podcast is based on publicly available materials and does not contain any classified or proprietary information.

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!

Main Topics:

1. PhineasFisher: The Cyber-Robin Hood

• The Gamma Group Hack (2014): PhineasFisher’s debut, exposing a company selling surveillance software to oppressive regimes.

• The Hacking Team Breach (2015): A massive data leak that revealed the inner workings of Hacking Team and sparked global controversy.

2. Hacktivism as Political Theater

• Redistribution of Wealth: How PhineasFisher claimed to steal €10,000 from a bank and donate it to a revolutionary cause in Syria.

• The Hacktivist Bug Hunting Program: PhineasFisher’s initiative offering bounties for politically motivated hacks, targeting major corporations.

3. The Guacamaya Connection

• Emergence of Guacamaya (2022): A new hacktivist group taking inspiration from PhineasFisher, targeting mining and oil companies in Latin America.

• Guacamaya’s Philosophy: A manifesto calling for the sabotage of Western companies exploiting Central America’s natural resources.

4. Technical Breakdown: Guacamaya’s Attack on Pronico

• Exploiting Vulnerabilities: Use of Microsoft Exchange flaws and social engineering to infiltrate systems.

• The Cyber Knife Fight: A detailed look at the cat-and-mouse game between Guacamaya and Pronico’s IT team during the attack.

5. The Legacy of PhineasFisher

• Inspiring the Next Generation: How PhineasFisher’s hacktivism has become a blueprint for others to follow.

• Ethics and Impact: The broader implications of using hacking for social change, and the risks involved.

Subscribe:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://therecord.media/chamelgang-china-apt-ransomware-distraction

• https://www.vice.com/en/article/meet-the-environmental-hacktivists-trying-to-sabotage-mining-companies/

• https://data.ddosecrets.com/MilicoLeaks/README.txt

• https://www.vice.com/en/article/phineas-fisher-says-they-paid-dollar10000-bounty-to-person-who-hacked-chilean-military/

• https://www.vice.com/en/article/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies/

• https://en.wikipedia.org/wiki/Guacamaya_(hacktivist_group)

• https://cyberscoop.com/environmentalist-hacktivist-collective-mining-company/

• https://latinoamerica21.com/en/guacamaya-hacktivists-from-the-global-south/

• https://malpedia.caad.fkie.fraunhofer.de/actor/guacamaya

• https://therecord.media/interview-with-guacamaya-hacktivist-group-latin-america

• https://enlacehacktivista.org/comunicado_guacamaya.txt

• https://enlacehacktivista.org/index.php/Milico_Leaks

• https://enlacehacktivista.org/index.php?title=File:MILICOS_CULIAOS_LEAK.txt

Credits:

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode!