CyberWire Daily - A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.
Episode Date: August 10, 2023A New Magento campaign is discovered. Gootloader malware-as-a-service afflicts law firms. Researchers find security flaws affecting cryptowallets. Panasonic warns of increasing attacks against IoT. A ...Belarusian cyberespionage campaign outlined. The five cyber phases of Russia's hybrid war, and lessons in resilience from Ukraine's experience. In our Threat Vector segment, Kristopher Russo, Senior Threat Researcher for Unit 42 joins David Moulton to discuss Muddled Libra. Kayla Williams from Devo describes their work benefiting the community at BlackHat. And a new DARPA challenge seeks to bring artificial intelligence to cybersecurity. On this segment of Threat Vector, Kristopher Russo, Senior Threat Researcher for Unit 42, joins host David Moulton to discuss part one of two Muddled Libra. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/152 Threat Vector links. Threat Group Assessment: Muddled Libra Guest: Kristopher Russo: From practitioner to researcher Kristopher Russo has spent years entrenched in various specializations of cybersecurity. As a researcher focused on ransomware and cybercrime he brings a from the trenches perspective to cyber threat intelligence. Selected reading. Xurum: New Magento Campaign Discovered (Akamai) Gootloader: Why your Legal Document Search May End in Misery (Trustwave) Fireblocks Researchers Uncover Vulnerabilities Impacting Dozens of Major Wallet Providers (Fireblocks) New BitForge cryptocurrency wallet flaws lets hackers steal crypto (BleepingCompute Panasonic Warns That IoT Malware Attack Cycles Are Accelerating (WIRED) MoustachedBouncer: Espionage against foreign diplomats in Belarus (We Live Security) Belarus hackers target foreign diplomats with help of local ISPs, researchers say (TechCrunch) Pro-Russian hackers claim attacks on French, Dutch websites (Record) Zhora: Russia's cyber 'war crimes' will outlast invasion (Register) The Power of Resilience (Cybersecurity and Infrastructure Security Agency CISA) Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software (The White House) AIxCC (AIxCC) The Biden administration wants to put AI to the test for cybersecurity (Washington Post) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Reports of a wide-ranging cyber espionage campaign by China's Ministry of State Security.
Evil proxy phishing tool targets executives and defeats multi-factor authentication.
Vulnerabilities in CPUs.
Yashma ransomware targets a wide range of countries.
Mac OS threat trends.
Is there a Russian attempt to disrupt British elections?
Rob Boyce from Accenture checks in from the Black Hat conference.
Maria Vermasis speaks with the Black Hat Aerospace Village's Kalin Tricon and Steve Luzinski.
Ukraine claims to have stopped a Russian spyware campaign.
And Patch Tuesday has come and gone, but the vulnerabilities remain.
Unless, of course, you've applied the patches.
I'm Dave Bittner with your CyberWire Intel briefing for Wednesday, August 9th, 2023. Thank you. to China's Ministry of State Security that's prospecting targets primarily in Southeast Asia,
but in other regions as well.
Microsoft tracks Red Hotel as charcoal typhoon.
SecureWorks calls it Bronze University.
The operation appears to be run for the Ministry of State Security by contractors.
Recorded Future thinks Red Hotel's activity
is marked by unusual scope and intensity.
They write, since at least 2019, Red Hotel has exemplified a relentless scope and scale of wider
PRC state-sponsored cyber espionage activity by maintaining a high operational tempo and targeting
public and private sector organizations globally. The group often utilizes a mix of offensive security tools,
shared capabilities, and bespoke tooling.
The shared commodity tools include Shadowpad and Winty.
The bespoke malware includes Spider and FunnySwitch.
There's always an offense-defense seesaw.
One rises, the other sinks, and then the process repeats itself.
That's happening now in a spear phishing campaign Proofpoint describes in a report.
Over the past six months, the company's researchers have been watching a surge in cloud account takeovers.
The threat actors involved have been using a reverse proxy tool, Evil Proxy,
in spear phishing campaigns that compromise multi-factor protected credentials and session cookies.
It's an adversary in the middle campaign specializing in advanced account takeover methods.
That's the seesaw.
Using reverse proxy tools is a foreseeable criminal response
to the growing adoption of multi-factor authentication security measures.
Multi-factor authentication remains an important security tool,
but as with any other technology, it isn't foolproof and doesn't amount to a panacea.
There are two reports out this week on vulnerabilities in CPUs.
The first affects Intel products.
in CPUs. The first affects Intel products. Several generations of Intel's x86 processors are vulnerable to a data leak flaw called Downfall, CyberScoop reports. Daniel Mohimi,
a computer security expert at the University of California, San Diego, and Google found that an
attacker running one application could exploit the flaw to steal passwords, encryption keys, and other sensitive data from another application.
Mahomi told CyberScoop,
When you have a vulnerability like this, essentially this software-hardware contract is broken.
The software can access physical memory inside the hardware that was supposed to be abstracted away from the user
program. It violates a lot of assumptions we make in general about operating system security.
Intel poured oil on troubled waters, saying in a statement that the attack researchers describe
would be very complex to pull off outside of the controlled conditions of a research environment.
off outside of the controlled conditions of a research environment. AMD processors also exhibit a vulnerability of their own. Bleeping Computer reports that all AMD Zen CPUs are vulnerable to
a hardware flaw that can leak privileged secrets and data using unprivileged processes. Researchers
at ETH Zurich discovered the flaw and created an exploit called Inception
that creates an infinite transient loop in hardware to train the return stack buffer
with an attacker-controlled target in all existing AMD Zen microarchitectures.
Cisco Talos warns that a new threat actor is using the Yashma ransomware
against targets in English-speaking countries and also in Bulgaria, China, and Vietnam.
The researchers say Talos assesses with moderate confidence that the threat actor may be of Vietnamese origin because their GitHub account name and email contact on the ransomware notes spoofs a legitimate Vietnamese organization's name.
The ransom note also asks victims to contact them between 7 and 11 p.m. UTC plus 7, which
overlaps with Vietnam's time zone. It seems the crooks clock in and out just like the rest of us.
Talos also notes that the threat actor's ransom note mimics the one used by WannaCry.
And why not? If you're engaged in extortion, what's a little plagiarism among friends?
Bitdefender has released its macOS threat landscape report,
revealing that Trojans pose the primary threat to Macs,
constituting over 50% of identified threats.
The study highlights that EvilQuest retains its status as the most prevalent malware targeting
Mac systems, commanding a substantial 52.7% share.
This malware strain encompasses a ransomware module designed to encrypt and exfiltrate
victim files, accompanied by a keylogger for harvesting keystrokes and siphoning personal
and financial information. Although the majority of antivirus providers are equipped to detect and
thwart EvilQuest, its persistent prevalence suggests that attackers continue to deploy it
in a scattergun manner, aiming to ensnare vulnerable victims in their wide-reaching dragnet.
The Telegraph reports that the ransomware attack
and attendant data breach at the UK's Electoral Commission may have been directed by Russian
intelligence services. It may have been intended to disrupt British elections. While the incident
was detected in October of 2022, the Electoral Commission only yesterday issued a public notification of the
attack. Considerable personally identifiable information was exposed, as is so often the
case with Russian operations. It will be difficult to distinguish conventional cybercrime from
cyber espionage and state-directed influence operations. Reuters reports that the Security Service of Ukraine,
the SBU, also known by its translated acronym SSU, said yesterday that a Russian attempt to
compromise the Ukrainian Armed Forces Combat Information System had been detected and thwarted.
According to the record, the SBU identified the threat actor responsible as the GRU's Sandworm.
The Ukrainian security agency says it stopped the Russian military operation in its planning phases.
Sandworm's goal is thought to have been the compromise by spyware of Android devices used in Ukrainian tactical networks.
But the SBU didn't reveal the specific systems the GRU had targeted.
Ukrainska Pravda cites SBU sources as saying Sandworm was trying to work from Ukrainian
tablets captured on the battlefield. Their intention was to use those devices to access
Ukrainian networks and use that access to spread about a dozen spyware programs.
and use that access to spread about a dozen spyware programs.
And finally, August's Patch Tuesday arrived yesterday.
It saw upgrades to some widely used products from several vendors.
Adobe released patches for 30 vulnerabilities affecting Acrobat DC, Acrobat Reader DC,
Acrobat 2020, and Acrobat Reader 2020, Security Week reports.
Microsoft patched 33 products.
The company also released a defense-in-depth update to block the attack chain for an actively exploited Windows Search remote code execution vulnerability.
And Fortinet has issued a security update addressing a buffer overflow vulnerability affecting 40 OS. The flaw may allow a privileged
attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were
able to evade 40 OS stack protections. As CISA likes to say, apply upgrades per vendor instructions.
Coming up after the break, Rob Boyce from Accenture checks in from the Black Hat Conference.
Maria Vermatsis speaks with the Black Hat Aerospace Village's Kalen Tricon and Steve Luzinski.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI. Now that's a new way
to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
Maria Varmatsis is host of the T-Minus podcast focusing on all things space.
She recently spoke with the Black Hat Aerospace Villages,
Kaylin Tricon, Director of Communications,
and Steve Luzinski, Board Chair,
about the Aerospace Village non-profit,
their mission, and their programs.
Here's Maria Varmasis.
Kaylin, Steve, there's a lot going on at the Aerospace Village at DEF CON this year.
If you can start us somewhere and walk me through it, that'd be awesome.
One of the things that I am just super proud of and excited for is the wide range of talks that we have in the village this year. When we started this five years ago, we were the aviation village. Now we are the
aerospace village and we are really seeing that come into itself. We have tons of talks for space,
satellites, aviation. We also have one that has to do with weather and weather satellites.
And weather balloons.
And weather balloons.
That's super cool.
I think that what this shows us is that we really are bridging the gap and reaching the
different communities that we are trying to reach by seeing the diversity in these talks.
A few that I'm super excited for, and I think that our listeners will be excited to mark their
calendars for is one talk called Winging It, Pentesting 737. I'm a bit fearful of that,
but I think it's going to be a really engaging talk. That feels like very DEF CON to talk about
something terrifying and cool at the same time. Exactly. And I think, you know, one of the things
that we always say, and we really do promote it through. And I think, you know, one of the things that we always say,
and we really do promote it through our messaging, is that, you know, we don't want people to cause
hysteria and think planes are falling out of the sky. We want to actually show the real world
security challenges that this ecosystem faces. To pile on to what Kaylin said, you know, that
government side, the growth we've seen over these five years.
We've got a person from TSA coming in to talk about the screening systems and the cybersecurity
involved with that. We've got two nice ladies from the Office of the National Cyber Director,
and they're coming in to talk about things from National Cybersecurity Strategy and the
Workforce Strategy that's recently published,
but they also do work with the National Space Council. So their perspective from that high
level government side of things, all the way down to the deep technical and things like what
Kaylin's mentioned on both space and aviation. I'm excited I get to do a talk with the TSA
administrator, hearing his perspective on both space and aviation and space
related cybersecurity concerns, the industrial control systems at airports, spaceports, all of
that. So in addition to the talks, we have activities that are very deeply technical and
very complex on the run side of things. And we've also got activities that are very simple and straightforward in like a crawl,
walk, run mentality.
So Capture the Flag events being hosted by Boeing, by Lockheed Martin.
The Aviation ISAC has brought in students from Embry-Riddle.
We've got students in our talk track.
We've got students running these Capture the Flags.
We have other smaller companies like CT Cube, Intelligenesis, showing some of their training systems, some of the industrial control systems as it relates to runway lighting and the security behind those and how they demonstrate that.
SpaceX is going to have one of their ground stations there.
It sounds like they're going to have a spacesuit and an engine.
So it's just good to have some cool things to look at.
We'll have an Airbus cockpit.
One of our, again, another partner of ours, Pentest Partners,
they have built an Airbus cockpit and they use that to demonstrate.
I'm sorry, a cockpit.
Yes, and yes, it will be there for fun, the fun of flying it also.
But demonstrating the electronic flight bag.
Exactly. And they're going to have actual aircraft seats. So we're going to have,
you can, your experience of flying out there, being uncomfortable and flying home,
you can do that in our village. So we have all of that. And one other event I've been working
on this lately is an Ask Me Anything. Yeah. Yeah. Tell me about that.
We've got all these experts, right? We've got experts that
are volunteers, that are volunteers, are pilots, former pilots, military, commercial, all the way
to people who've done policy and government, policy and industry, the security researchers who
are, they've been doing it their entire career. And then we have all these partners and experts
that are coming in either speaking or the activities that we talked about. And then we have all these partners and experts that are coming in either speaking or the
activities that we talked about. And so folks want to learn from them where you can sit down and say,
hey, I want to learn about getting into cybersecurity. I want to learn about getting
into cybersecurity in aviation or space sector. And you can hear from folks. They want to talk
about where they work. If you want to know about it, great.
But the idea is experienced people who come from a government, an industry, an academic,
a security researcher background.
You can ask them any questions that you want.
You can hear more about what they did, how they got in, the goods, the bads, all of those things.
And that brings us to what I'm going to call the satellite in the room here,
which is we haven't talked about it in depth yet,
but this year,
Hackasat finals are going to happen at DEF CON on a satellite that is in
space, Moonlighter.
So cool.
It is orbiting in space.
It is so cool.
I'm such a nerd.
I'm so excited to bring Hackasat in this competition.
I'm working with the Air Force and the Space Force to actually do this and have it be live in space with these finalist teams.
I think it's just going to be something that is incredible.
It's such a testament to all of the work that the community, that the village has done.
it's such a testament to all of the work that the community that the village has done well and the beauty is hackasack covers both the activity side like what kaylin mentioned
so uh so both on the speaking side and come see it live in action side we're going to have a cube
sat the cube sat known as the project moonlighter that kaylin mentioned is a CubeSat launched in June, deployed off the ISS in July.
That's what's orbiting.
That's what they're hacking on for this capture the flag.
But we have one because Cal Poly is bringing one in.
And you can talk to folks about how it works and what it does.
DEF CON is such an amazing, overwhelming event, especially for someone who might be new.
So I'm just going to close with
like a newbie question. If someone's going to DEF CON for the first time and they want to go to the
village, your village, what would you recommend they start with first? I know it depends on what
they're interested in, but let's just go with that. I would say it wasn't too, too long ago
that I was a newbie DEF CONer. And I would say, you know,
if you're entering the Aerospace Village,
look for someone in a blue Aerospace Village t-shirt
and just go up to them and ask them, you know,
share what your interests are.
And we will help make sure that you have
the best first experience that you can have.
You know, we have so many incredible volunteers
with such incredible backgrounds. And we want, you know, we want people to have a great experience and to
take something away and to learn something they didn't know when they entered the village. So
look for somebody in an aerospace village t-shirt. That is my advice.
And, and I think what you led off with Maria is having tried to do everything at DEF CON
because there's so many
villages, so many activities, so many talks. You got to stand in line or you're going to miss out
on the talk. Just pick something. Maybe it's our village for the entire day. We would love to have
you, just like Kaylin said, talk to somebody in a blue shirt or one of the nice neon vests that
we're bringing this year so you know who the volunteers are and they can point you in the right direction. But really that focus so you can
actually enjoy DEF CON as opposed to just get totally whooped trying to do everything because
we're only one small portion of DEF CON, right? So yeah, just being able to make your way around and
calmly enjoy and spend time in each place is the recommendation I'd offer.
Some earned wisdom there, indeed.
I don't follow it myself, but I offer it.
And I try to do it, but I fail.
It's a lot. It's a big event.
Kaylin and Steve, I wish you all the best at DEF CON this year.
And a quick reminder to check out the T-Minus podcast
right here on the CyberWire network.
And it is always my pleasure to welcome back to the show Robert Boyce.
He is Global Lead for Cyber Resilience and Managing Director at Accenture.
Rob, it's great to have you back.
I want to touch today on some work that I know you and your colleagues there at Accenture are doing
when it comes to some things you're tracking on the dark web.
What's going on here?
Yeah, thanks, David.
First of all, it's always a pleasure to be here. So thank you again for hosting me.
We've actually been seeing a really interesting uptick in the focus of threat actors in OT systems.
And I think OT systems have long been vulnerable to cyber attacks, and we've known that.
And we have seen some very focused attacks in the past.
very focused attacks in the past.
But, you know, quite honestly,
the majority of OT impacts we see today are usually a leakage from an IT incident
or, you know, some self-imposed shutdown
due to uncertainty of what an IT incident
may cause to an OT environment.
And so we've never, you know,
and I would say maybe even before 2021, right we saw the colonial pipeline disruption, we saw threat actors really stay away from crossing the line into national critical infrastructure and oil and gas due to potential, what it could mean in the state of real potential warfare.
in the state of real potential warfare.
And then when we actually saw that event happen,
because there was so much focus on this area,
we saw a lot of dark web marketplaces take down their OT tools and advertisements
and things that they were talking about
because they just didn't want to have that focus.
Was it just too much heat?
I think a little bit too much heat, yeah.
And then what we saw starting really want to have that focus. Just too much heat? I think a little bit too much heat. Yeah.
And then what we saw starting really when the Russian-Ukraine conflict happened is those rules started to go a bit out the window.
And so our team has been researching this.
We've seen a significant uptick really around into May this year, where we're seeing more
and more threat actors on the dark web start talking about
targeting OT systems, and really OT systems of Western national critical infrastructure,
as well as oil and gas. That's been the focus. And when we say targeting, what exactly are we
talking about here? They're looking to buy access into these environments. They're looking for
people who are creating exploits within the OT infrastructure or OT systems so that they are able to, of course, successfully
be able to cause disruption. I think the thing that's really fascinating to me here is we're
seeing, this is one of the first times I've seen this, where we're seeing three different ideologies
really have motivations in this space. Meaning meaning we're seeing activists, of course,
want to be able to target OT systems
to maybe make headlines in a meaningful way
by causing national disruptions.
We're seeing financially motivated cyber criminals
get into the space, just, of course, big surprise for money.
And as we see more and more requests or more and more demand,
you know, obviously there's more interest for these financially motivated criminals to be able
to produce, you know, produce materials, assets that can help further exploitation in OT
environments. And then we're seeing, of course, the political motivated threat actors. And this
is largely, as you can imagine,
representing Russia against all enemies of Russia. That's the most popular we're seeing there.
But it's been quite interesting to see these three ideologies, one of the first times I've seen, all come together with a singular mission, but for different purposes.
And is it kind of coincidental that those three different directions are converging?
I don't know if it's coincidental. I really, again, I do think that the Russia-Ukraine
conflict has opened the door to, I don't want to say encourage this behavior, but to make it
more acceptable. So I feel like, and a lot of it is in terms of, you know, hacktivists, again, targeting Western, primarily Western national critical infrastructure, as well as oil and gas, because of, you know, in support of Russia-Ukraine conflict.
And then, of course, the political motivations similar.
And, you know, when you have financially motivated criminals, I think they just follow the money, right, where the demand is.
So I don't know if it's coincidental.
I think it's just all of the right reasons came together to really create almost what we would say is a perfect storm of opportunity for these three groups.
Yeah.
So based on what you all are seeing here, what are your recommendations for those folks who are responsible for OT security?
Great question. And
this has been quite honestly a challenge we've seen in industry. I think there's been this false
notion that attackers will not be as successful in OT environments because there's this concept
of logical and physical separation, which we now know, well, even if it was ever true, I'm not sure,
but we now know is definitely not true because we're seeing that leakage from IT to OT consistently when we see the disruptions in OT
today. And as well, there's a huge investment that needs to be made by threat actors to maybe
even purchase physical equipment to try and find vulnerabilities within that equipment.
But now that these threat actors are so well-funded, and the equipment's much more
readily available, even that is reduced
the barrier to entry for interest here. So the first thing I would say is organizations who
have a large OT footprint, especially again in national critical infrastructure and oil and gas,
need to understand that the threats to the OT environment are the same as the threats to the
IT environment. And I always find it interesting because the OT operators, they measure their business in terms of minutes sometimes.
As far as downtime, is it a direct correlation to impacted revenue loss?
And so the way that they think about OT, they think about it more from resiliency, from uptime, human safety. And so what we find
works very well is to create those same themes from a security perspective and start to educate
the OT operators on why cyber risk is a very similar risk as that you would see and how it
directly impacts resiliency and uptime and revenue.
And so I guess, again, going back to your question, in the spirit of it just needs to be
a business objective to secure OT. And the risks there need to be understood clearly.
And the messaging of the importance of cyber really needs to be framed up in a way that the
OT owners and operators will understand
and how it correlates to the impact of their business.
All right. Well, Robert Boyce is Global Lead for Cyber Resilience and Managing Director at
Accenture. Rob, thanks so much for joining us. Thank you. We're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.
of cybersecurity. We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public
and private sector, as well as the critical security teams supporting the Fortune 500
and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic
Workforce Intelligence optimizes the value of your biggest investment, your people.
We make you smarter about your team while making your team smarter. Learn more at n2k.com.
This episode was produced by Liz Ervin and senior producer Jennifer Iben. Our mixer is Trey Hester
with original music by Elliot Peltzman. The show was written by our editorial staff.
Our executive editor is Peter Kilby and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
Thank you. you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.