US Treasury hacked via BeyondTrust, MISP and the threat actor naming mess
Three Buddy Problem Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident. Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade
Audio is streamed directly from the publisher (aphid.fireside.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Three Buddy Problem - Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives.
Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.
Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.
Links:
- Transcript (unedited, AI-generated)
- BeyondTrust statement on hack investigation
- U.S. Treasury says it was hacked by China-backed actors
- Another Palo Alto 0day exploited in the wild
- US telcos say they've evicted Salt Typhoon Chinese hackers
- Google: What is BeyondCorp?
- Introducing the MISP Threat Actor Naming Standard
- MISP: Recommendations on Naming Threat Actors
- New variant of the CIA HIVE attack kit
- Xdr33 Variant Of CIA's HIVE Attack Kit Emerges
- Savvy Seahorse connection to Cyberhaven incident
- US sanctions China's Integrity Technology over Flax Typhoon hacks
- Operation Aurora
- APT1 Exposing One of China’s Cyber Espionage Units