CyberWire Daily - FBI untangles the web that is Scattered Spider.
Episode Date: May 28, 2024

The FBI untangles Scattered Spider. The RansomHub group puts a deadline on Christie’s. Prescription services warn customers of data breaches. Personal data from public sector workers in India is leaked online. Check Point says check your VPNs. The Internet Archive suffers DDoS attacks. A Minesweeper clone installs malicious scripts. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space. If you can’t beat ‘em, troll ‘em.

Selected Reading
Potent youth cybercrime ring made up of 1,000 people, FBI official says (CyberScoop)
Christie’s given Friday ransom deadline after threat group claims responsibility for cyber attack (ITPro)
Data Stolen From MediSecure for Sale on Dark Web (SecurityWeek)
2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx (SecurityWeek)
Data leak exposes personal data of Indian military and police (CSO Online)
Check Point warns of threat actors targeting its VPNs (TechMonitor)
Internet Archive Hit With DDoS Attack (PCMag)
Hackers phish finance orgs using trojanized Minesweeper clone (bleepingcomputer)
Cops Are Just Trolling Cybercriminals Now (WIRED)
Transcript
You're listening to the CyberWire Network, powered by N2K.
The FBI untangles Scattered Spider.
The RansomHub group puts a deadline on Christie's.
Prescription services warn customers of data breaches.
Personal data from public sector workers in India is leaked online.
Check Point says check your VPNs. The Internet Archive suffers DDoS attacks. A Minesweeper
clone installs malicious scripts. Our N2K T-Minus Space Daily podcast host Maria Varmazis speaks
with guest Carrie Hernandez Marshall, CEO and co-founder from Rebel Space Technologies, about the need to extend cybersecurity
into space. And if you can't beat them, troll them.
It's Tuesday, May 28th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Hello there, and welcome back. It is good to have you with us here today.
At last week's SleuthCon conference
just outside Washington, D.C., Bryan Vorndran, Assistant Director of the FBI's Cyber Division,
revealed insights into Scattered Spider, a cybercriminal group linked to numerous high-profile
breaches. Known also as Octopus or UNC-3944, Scattered Spider comprises around 1,000 members,
many of whom do not know each other directly.
Vorndran described the group as a very, very large, expansive, dispersed group of individuals.
This group has breached several prominent companies, including MGM Resorts and Okta.
The FBI considers Scattered Spider a top-tier cybersecurity threat,
alongside nation-state actors from China and Russia.
Composed primarily of native English speakers from the United States and the United Kingdom,
the group employs both digital and physical threats.
Some members even offer violence as a service,
engaging in activities such as assaults
and property damage to extort victims.
Despite facing criticism for the lack of public arrests,
FBI officials say they've taken non-public actions
against the group.
In January, authorities in Florida
arrested 19-year-old Noah Urban,
identified as a key figure in the crime ring.
Also at SleuthCon, Selena Larson, a senior threat intelligence analyst at Proofpoint,
stressed that average organizations faced greater risks from cybercriminals
than from government-backed actors.
Her remarks resonated with the audience,
highlighting the need to reassess how resources
are allocated in the fight against cybercrime. The hacker group RansomHub, responsible for a
recent attack on Christie's, has threatened to leak sensitive client information if ransom
demands aren't met by May 31. RansomHub, previously behind an attack on Change Healthcare, claimed
access to Christie's data on the dark web, releasing sample data including names, birth
dates, and nationalities. Christie's acknowledged a tech issue in early May, just before major
auctions, revealing unauthorized access by a third party. Despite rejecting initial ransom demands,
Christie's faced pressure to comply to avoid GDPR fines and reputational damage.
Australian digital prescription service MediSecure
confirmed that data stolen in a recent ransomware attack is for sale on the dark web.
The breach, originating from a third-party provider,
involved personal and health information of patients and healthcare providers.
Hacker Ansgar claimed possession of six and a half terabytes of data,
posting it for sale at $50,000. The Australian National Cybersecurity Coordinator and police are investigating.
MediSecure assured the public that ongoing access to medication is unaffected.
Meanwhile, pharmacy prescription service provider Sav-Rx is notifying 2.8 million individuals of a data breach that occurred on October 8, 2023.
The attack, quickly contained, did not disrupt patient care or prescription shipments.
However, attackers accessed non-clinical systems, exfiltrating personal information including names,
addresses, birthdates, social security numbers, and insurance IDs.
Sav-Rx worked with cybersecurity experts to ensure stolen data was destroyed.
The company is offering affected individuals two years of free credit monitoring and identity theft restoration services.
A report by Website Planet revealed that over 1.6 million documents containing sensitive personal information
from India's police, military, teachers, and railway workers, were exposed online.
Cybersecurity researcher Jeremiah Fowler discovered a 496-gigabyte database without password protection,
likely offered for sale on a dark web-related Telegram group.
The data, linked to ThoughtGreen Technologies and Timing Technologies,
included biometric information like facial scans, fingerprints, and personal ID documents.
The exposed database contained real-time updating records from 2021 through 2024.
Despite attempts to contact the companies, no responses were received. The exposure underscores vulnerabilities in Indian cybersecurity,
which has seen a rise in attacks targeting major organizations
posing significant security and privacy risks.
Cybersecurity firm Check Point advises customers to review their VPN configurations
to prevent abuse by threat actors.
Check Point observed attempts to access VPNs from various vendors
using old accounts with password-only authentication.
No software vulnerabilities were exploited in this case.
Check Point recommends disabling unnecessary local accounts
and using multi-factor authentication for needed accounts.
They provided a script and hotfix to block password-only access
and issued guidelines for improving VPN security and investigating suspicious activity.
The Internet Archive is experiencing ongoing distributed denial-of-service attacks
that began over Memorial Day weekend,
causing service disruptions.
Despite efforts to mitigate the attacks, many users still faced access issues.
The organization confirmed continued attacks on Tuesday.
The attacks have not affected the data, but have rendered most services unavailable.
Hackers are using code from a Python clone of Microsoft's Minesweeper game
to hide malicious scripts in attacks on financial organizations in Europe and the U.S.
Ukraine's CSIRT-NBU and CERT-UA attribute these attacks to the threat actor UAC-0188.
The attacks involve using legitimate Minesweeper code to conceal Python
scripts that download and install SuperOps RMM, a remote management software. The attack starts
with an email from support at patientdocsmail.com, prompting the recipient to download a malicious .scr file. This file includes both innocuous Minesweeper code
and malicious Python code that downloads additional scripts.
The attack aims to grant unauthorized access to compromised systems using SuperOps RMM.
CERT-UA identified at least five breaches and shared indicators of compromise for detection.
Coming up after the break,
our N2K T-Minus Space Daily podcast host Maria Varmazis
speaks with guest Carrie Hernandez Marshall,
CEO and co-founder of Rebel Space Technologies.
They discuss the need to extend cybersecurity into space.
Stay with us.
Maria Varmazis is host of the N2K T-Minus Space Daily podcast.
She recently caught up with Carrie Hernandez Marshall,
CEO and co-founder of Rebel Space Technologies.
They discussed the need to extend cybersecurity into space.
We started the company in late 2019,
really just doing a lot of consulting work at first
and then decided to go into full venture-backed corporation world in 2020.
My background is a little odd.
I started out in the Air Force, the U.S. Air Force,
as an enlisted person, landed in, you know, they give you a job.
The job they gave me was to be
a signals intelligence person doing
Chinese Mandarin translations.
So that was my introduction
to the world
of the military
and it was interesting. I spent a lot
more time playing with equipment
and signals than I did
really getting better at Mandarin. I can maybe
order in a restaurant. That's it.
That's good to know.
Next time I'm there, I'll be like calling you.
I can have when people are talking about me.
That's about it.
It wasn't really my forte.
That's a handy skill set, honestly.
But yes.
So you wanted to play more with the equipment.
Okay, so I can see where maybe that led to where you're at now.
Yeah, yeah.
Yeah, yeah.
Then I was into tech.
And so, all right, what do I need to do to do that?
So I got out of the Air Force and I went into electrical engineering, got my electrical engineering degree at the University of Wyoming.
Landed back in the military as an officer right after 9-11.
So ended up in a strange position being electrical engineer, previous intel person in the military with no job.
So I got sent to Vandenberg Air Force Base.
And they were like, go to this one organization.
It was Space and Missile Center, or Space and Missile Center, Det 9 at the time.
And they're like, go talk to all the commanders and see who needs your skill set.
So I walked around to each one like, hey, I'm Carrie.
I'm the brand new lieutenant.
Here's my background.
Here's what I do.
And I landed at what became the 4th Space Launch Squadron,
working for Lee Rosen at the time,
who later went on to do all kinds of crazy things in Space Launch and at SpaceX.
Yeah, I was going to say, that's a big name.
Yeah.
So Lee's like, I like you.
So yeah, brought me in.
That core family at that unit just stayed together.
We are all intertwined, still working together quite a bit.
We all ended up, a lot of us at SpaceX, and now have our own gigs.
So that's how I ended up in space.
So I did space launch for a while.
Then I went and I got into another strange world after that job in the military, I ended up as a reservist and also a defense contractor
working in space electronic warfare.
So we were at this organization called the Space Range,
where we're responsible for building and figuring out
all the ways that space systems could possibly be broken
and how we can prevent that from happening
before we field systems.
So now I'm on this trajectory.
Yes, yeah, yeah, yeah.
So now I'm learning all the ways to protect space systems.
So after I did that for a while,
built a whole bunch of really cool space simulations and environments
and things that were used to both train Air Force operators
for how to do space system operations,
and then also, you know, kind of just figure out where the gaps were.
Went from there into the world of network warfare.
So this is where I start to intersect more into cyber world.
And so I ran a pen test team and a test and evaluation team
for the software that was being deployed in the Air Force side.
And so now I'm doing cyber.
I've done space.
You know, I kind of just lived in these worlds.
You've had like three careers already.
I haven't even got started, right?
I know.
They all go together.
They all go together.
I'm always the person with like,
and it goes back to that original premise,
I'm the person with the signals, huh?
Let's talk to you.
During this whole time,
I had been getting, you know, my graduate degree, and I was in a PhD program, kind of early AI, you know, because I
really had this obsession with, like, starting way back in grad school, about, you know, just high
and kind of just unsupervised machine learning. How can you use AI to do things that, you know,
when you're talking about complex, I mean, they call it, like, match magic, right? Communications
and wireless and all this stuff.
And I'm like, there's got to be a better way.
And so I started looking into the beginnings of applying AI to communications and to networks and to the RF environment to kind of figure out that it can be doing it better than us, right?
We can do cognitive radios.
We can have these smarter things.
But about that time, when I was doing my PhD program working and running the network warfare team, I got a call from Lee Rosen.
And he's like, hey, do you want to come to SpaceX?
At this time, it was 2014.
Things weren't as mature as they are now.
Things are still blowing up.
He's like, yeah, can you come to the launch site and run the RF and telemetry communication side of the house?
I'm like, yeah.
That sounds like a lot of work.
Rockets are never boring.
That's a great way of putting it.
Then I walked into commercial space land.
And I get exposed to both, you know, kind of just this new era of how things are done on space.
You know, the go fast, build quick, fail fast mentality.
And then I go from there into another tech startup, Slingshot Aerospace, for a while when they just get started.
I knew them from the military,
helping them out on some of the tech development roadmap.
And that's where I kind of got the bug for startups.
So when I finally decided to do that in 2019,
I was like, all right, what do I want to do?
What needs fixed?
And that's where I got to, hey, you know what?
When I was on the defense and the government side,
I assumed commercial had the best stuff, man.
I thought,
they're going to have all the great software. They're going to
know everything. So you show up,
it's like, no. Cybersecurity, afterthought.
Advanced,
any use of any advanced analytics
tools for making sure signals and communications,
you understood what was going on.
The focus is still,
like I said, to get on orbit.
And that's not wrong.
But, you know, at some point we have to be moved beyond just we're happy we got there.
We're happy the capability works.
Let's pretend now that this is now important to critical infrastructure and treat it in a lot of the ways that we treat other critical networks and infrastructure.
Wow. Okay.
Your story is awesome.
So thank you for walking me through that. Because it just speaks so much to how much you have so much experience in both the space and cybersecurity world that you can really see that both landscapes truly.
And what I'm always personally fascinated by, as you just sort of touched on, is sort of why have the two not meshed as well as we know that they need to?
And we were sort of chatting about this earlier.
Is it a cultural thing?
What's the deal?
But also, I think people who are more mature in this space recognize, as you said, there's a lot that needs fixed.
We are not there yet.
And I just would love to get your thoughts on, my God, where do we even start with this?
Right.
Well, I mean, there's a running joke, right?
Like, if you put something in space, who's going to mess with it, right?
You're not, for one thing, if something goes wrong, you're not sending the IT guy to turn it off and on again, right?
And, you know, and in the past, we were, you know, the assumption is that it's just too hard, right?
It's too hard to touch.
It's too hard to get it up there.
So it's definitely too much trouble for anybody to mess with it.
You know, it's not that,
you know,
every client knows,
you know,
everybody knows that cyber is important
and it's just not a priority
because we haven't had that
sort of major event
to drive us, right?
There hasn't been the big hack.
There hasn't been the big takedown.
There's something that we really,
really need on a day-to-day basis.
And now this keeps the military, the government up at night, enough so that they've funded
us very well.
But commercially, it's just, you know, the incentives aren't there, I don't think.
Can you give me a bit of a walkthrough of the threat landscape for space?
Because this is something that I, even with my cyber background, it is a different flavor
when it comes to space, not just because it's in space.
I mean, we're talking about RF signals
and you know signals very well.
So walk me through it.
Yeah, so, you know,
that's just one layer.
So we're partnered with the Space ISAC,
which was stood up to really provide
kind of similar ISACs,
like information sharing,
analysis center,
same as energy and power and water
and all these other critical infrastructures.
And so they would be great if you haven't had them on to come in and talk.
Talking to them next month.
Perfect.
Yeah.
Yeah.
And they have just this running board of things that are going on.
And so, you know, this kind of comes back to our space when we're building.
The main problem is that it's in space.
If you're talking about the communication side or even the system side, troubleshooting. Like anomalies determining what is an actual problem
and a threat and what is it a just, it's me, right?
And I think that's true in a lot of complex physical systems,
but specifically in space,
because you have to identify something specifically
as somebody is messing with me.
I've been deliberately interfered with.
Somebody has deliberately sent a
command. Those are seen.
People do try all the time to take over
satellites. They try to send commands
and see what happens from all
sorts of players because it's fun.
It's in space, right? It's like
the ultimate hack, right?
I pwned a satellite. Woohoo! Yeah.
Right? I got in and got access.
But it's still hard, right? And so what we see is a lot of stuff that is just getting, you know, we either don't catch
it or we just kind of say, all right, I don't know if you take a hit in your operations, but then it
comes back, you know, how much does it matter? So the problem there is that, you
know, I think as we mature and as things become much juicier targets,
when it becomes really interesting to try to mess with a Starlink
or try to take down some critical piece of a constellation,
it's going to escalate.
And if you don't catch things early,
if you can't differentiate between something
that is just an anomaly in the environment
or something that's something on your system,
it's just hard.
It's just hard to even begin to unravel that
because, again, we don't have access to these physical devices
like we do in a physical network, right?
So when something goes wrong in a physical network
and you don't know and you're trying to troubleshoot,
what do you do?
You go plug it, you swap it out, and that's not an option.
I was wondering as you were talking me through this,
attribution's tricky on a good day.
This is sort of a flippant question, admittedly.
If your satellite is being messed with, does attribution really matter if you're, I mean, in that moment?
Or is it long-term?
I imagine you want to know.
But in that moment, you're kind of like, I just need to get this thing non-messed with.
Attribution, I mean, it's always hard.
And, you know, I think, I mean,
ideally, yeah, it'd be great. And attribution in a way too, like, it's just even when it's
innocent, like that interference, if I know who's doing it, I can tell them to turn it off, right?
Every time I fly over this ground station, something happens. Hmm. All right. You know,
if I can pinpoint that, and you can sometimes, right? You can figure it out. But the more
important question is, you know, what happens next. You know, so if I'm seeing this
pattern of things and it's not me, and I can know that it's not me, it's not my system, you know, then
I can also say, one, I can avoid it, you know, take mitigation measures, just standard risk management
practice. Or, you know, the other thing I could do is I can just be responsive to it and
understand that, like, okay, I see that something, this has happened, and in this pattern I've seen
before and say in our community, other people have reported that the
next thing that happens is this. So, you know, maybe it's somebody just trying to see if they
can spoof my signal. They can pretend to be something they're not, you know, trying to trick
my satellite to think they're the ground station. You know, this understanding that attribution
aside, but understanding that, that pattern. Yeah. Like, is it like is it an accidental interference or is it malicious?
Or is it, yeah, one masking as the other potentially?
Yeah, this is the part where I get really fascinated
by how this all works because it's,
I mean, accidental stuff will happen,
but I imagine it would be,
now I'm just making stuff up now.
I'm just like, I imagine it would be really fun to pretend.
Anyway, I'm gonna leave that thread off to the side.
Anyway, so I mean, we've covered a bit of, you know,
what the current threat landscape looks like,
and there's a lot of different things that can happen,
some more, you know, terrestrial, pedestrian threats, I suppose,
like, you know, doing, even Viasat, when it had its issues in 2022,
it was a VPN, I think it was like a VPN issue, essentially.
I may be misremembering that detail.
I apologize.
But it wasn't like a super sophisticated hack.
It was pretty much like something wasn't updated that should have been.
And that's kind of like, it keeps a lot of people employed in the cybersecurity industry.
It's like, all right.
That is true.
That is true, yeah.
When we think about the future of cybersecurity in space, and you sort of hinted at it, we're getting these incredibly sophisticated constellations that are being built at a breakneck pace right now and going in or already are in space right now.
I mean, what does that mean for what we're looking forward?
I mean, what kind of new threats do we think might be emerging there?
You know, I think what's kind of hot right now, hot topic that we are also, you know, looking at how to address, is the use of autonomous
systems and AI on the space system itself. Kind of a joke, AI for AI. But we're going to rely on more
autonomy, right? Because, you know, again, we don't have that. We're not flying these things. We're
so much and so on orbit, they, especially if you're doing crazy stuff like cislunar,
on orbit, you need to be able to have these smarter machines
that make smarter decisions and can reconfigure.
And if they see something go wrong, adjust.
One of our key things right now with Space Force
is we're supporting the Orbital Prime Program,
which is in-space assembly manufacturing.
On orbit,
you know, vehicle to vehicle, you know, type of action that really can't be done manually.
That's really hard to build in the perfect non-machine learning, non-autonomous system.
So how do you know when those are getting poisoned? How do you know when your data's off,
either intentionally or unintentionally? And how do you understand when to kind of
throw a stop on that?
And so, you know, I think we see this in the autonomous driving cars now, right?
All the deep safety concerns about how do you check the AI, you know, how do you do
safety and resiliency?
We need that same thing on orbit, especially if we're doing more ambitious things where
vehicles are approaching other vehicles and trying to maintenance and service them.
Because yeah, you don't want to...
What happens if two cars crash?
It's tragedy and people could get hurt.
But if two major city systems crash in orbit,
that trash is in orbit.
Yeah.
And definitely we don't want the Kessler effect
happening because to...
No, I mean, that would be an absolute nightmare of...
My goodness.
Yeah.
Right, right.
So even just somebody messing with it, even like just say not the super sophisticated hacker.
Let's just say, you know, somebody's aware that something's going on.
They might try, you know, maybe I try to jam something.
Maybe I try to see if I can spoof a command.
You know, maybe the AI on there just, you know, has a bad day.
I don't know.
So we just need to be thinking, I think, like this about how we go forward
and protect from all different kinds of things.
Carrie, this has been a fascinating conversation
for me personally.
Thank you so much.
I wanted to make sure I gave you the last word.
So this is sort of the open opportunity.
If there's something I missed
or something you wanted to mention,
please go right ahead.
My takeaway is just, you know, having been in
both industries, you know, my key point, I know I've said this several times, is it's just,
you know, we need better tools. I think it's really important that if that is going to be
the world we live in for quite a while, then we need to at least invest in kind of a common
understanding of, you know, what is going on with our systems, what is going on with our software,
just so that we can even begin to, you know, be prepared for a future where there are legitimate and major attacks going on.
That's N2K T-Minus Space Daily podcast host Maria Varmazis,
speaking with CEO and co-founder of Rebel Space Technologies, Carrie Hernandez Marshall.
And finally, Russian cybercriminals have been nearly untouchable,
launching ransomware attacks against hospitals, critical infrastructure,
and businesses with little fear of Western law enforcement or Russian authorities.
Even when Russian police take their servers offline,
the hackers often resume operations within weeks.
A story from Matt Burgess for Wired describes how Western law enforcement is now adopting a new tactic,
psychological operations to disrupt cyber criminals' trust and morale.
They're essentially trolling the hackers.
For example, in Operation Cronos, the UK's National Crime Agency infiltrated the LockBit ransomware group,
responsible for extorting over $500 million. They took the group's systems offline, redesigned their leak website, and published LockBit's inner workings,
including usernames and login details of 194 affiliate members. This public exposure
shattered LockBit's anonymity and brand, making it toxic to potential collaborators.
Hackers logging into LockBit's administration systems received messages showing authorities
had gathered their details, from usernames to cryptocurrency wallets.
These psyops targeted the group's brand reputation and internal trust,
creating friction and distrust among members. As a result, only 69 of the 194
affiliates returned to the platform after the operation. In another case, London's Metropolitan
Police disrupted LabHost, a phishing service. Police sent personalized video messages to 800
criminals, detailing the data they had collected, including IP addresses
and targeted victims' countries. The message? We've been watching you every time you visited us.
The impact of these tactics is significant. Hackers discuss these operations on Russian-language
cybercrime forums, revealing divisions and mistrust. For instance, after Operation Cronos,
some criminals speculated about possible collaboration with law enforcement,
while others warned against making memes or jokes about the situation.
By using these psychological strategies alongside traditional technical measures,
law enforcement hopes to make the cybercrime world a much more paranoid and
hostile environment for the cybercriminals. The ultimate goal? Make hackers think twice
before launching their next attack.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most
influential leaders and operators in the public and private sector, from the Fortune 500 to many
of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for
companies to optimize your biggest investment,
your people. We make you smarter about your teams while making your teams smarter. Learn how at
n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and
sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.