DPRK cyberespionage update

A VMConnect supply chain attack is connected to the DPRK. Reports of an aledgedly “fully undetectable information stealer.” DB#JAMMER brute forces exposed MSSQL databases. A Cyberattack on a Canadian utility. The state of DevSecOps. A look at hacktivism, today and beyond. Betsy Carmelite from Booz Allen on threat intelligence as part of a third-party risk management program. Our guest is Adam Marré from Arctic Wolf Networks, with an analysis of Chinese cyber tactics. And a free decryptor is released for Key Group ransomware.

For links to all of today’s stories check out our CyberWire daily news briefing:

Selected reading.

VMConnect supply chain attack continues, evidence points to North Korea (ReversingLabs) 

Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware (Securonix)

Montreal electricity organization latest victim in LockBit ransomware spree (Record)

LockBit ransomware gang targets electrical infrastructure organization in Montreal (teiss)

[Analyst Report] SANS 2023 DevSecOps Survey (Synopsys)

SANS 2023 DevSecOps Survey (Application Security Blog)

Government Agencies Report New Russian Malware Targets Ukrainian Military (National Security Agency/Central Security Service)

Russian military hackers take aim at Ukrainian soldiers’ battle plans, US and allies say (CNN)

Ukraine: The First Cyber Lessons (AFCEA International)

The Return of Hacktivism: A Temporary Reprise or Here for Good? (ReliaQuest)

Decrypting Key Group Ransomware: Emerging Financially Motivated Cyber Crime Gang (EclecticIQ)

Learn more about your ad choices. Visit megaphone.fm/adchoices