IntrusionsInDepth Podcast

AUDIO NOTE: There are some portions of audio with slight static. I’m blaming solar flares. On a serious note, I’m troubleshooting this, but the episode is still listenable. Key Topics:* Lab Dookhtegan’s emergence as an Iranian hacktivist group targeting the regime through hack-and-leak operations, data leaks, and sabotage since 2019.* Key attacks, including the 2019 leak of APT34 tools, multiple doxings of IRGC officials from 2020 to 2024, and election interference exposures.* Destructive maritime cyber attacks in March and August of 2025 disrupted 116 and 64 Iranian sanction-evading ships via supply chain compromise.* Speculations on Lab Dookhtegan’s potential ties to nation-states like the US or Israel for plausible deniability in proxy operations.* Comparisons to other hacktivist groups like KillNet (Russian-backed) and Blackjack (Ukrainian-aligned), highlighting overlaps between hacktivism and state-sponsored cyber activities.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Books:* Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy GreenbergLinks and Resources:* https://cybershafarat.com/2023/10/09/lab-dookhtegan-supports-us-against-hamas-hezbollah/https://www.rferl.org/a/farda-briefing-iran-water-crisis-israel-help/33503264.htmlhttps://www.wired.com/story/iran-hackers-oilrig-read-my-lips/https://securityaffairs.com/117506/apt/iran-state-sponsored-ransomware.htmlhttps://flashpoint.io/blog/second-iranian-ransomware-operation-project-signal-emerges/https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdfhttps://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdfhttps://blog.sekoia.io/iran-cyber-threat-overview/https://x.com/LabDookhtegan2/status/1754860930599403851https://x.com/LabDookhtegan2/status/1737531151424565421https://x.com/LabDookhtegan2/status/1734144401687842971https://x.com/LabDookhtegan2/status/1757333667242770769https://home.treasury.gov/news/press-releases/jy2072https://x.com/LabDookhtegan2/status/1767939764966047877https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/https://x.com/LabDookhtegan2/status/1824131756884365386https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdfhttps://cybershafarat.com/2021/11/26/lab-dookhtegan-the-regime-and-me-we-aint-mates-huge-data-reveal/https://cydome.io/lab-dookhtegan-cyberattack-second-wave-findings-aug-2025/https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandwormhttps://cloud.google.com/blog/topics/threat-intelligence/gru-rise-telegram-minionshttps://en.wikipedia.org/wiki/Killnethttps://therecord.media/russian-hacker-group-killnet-returns-with-new-identityhttps://cydome.io/lab-dookhtegan-cyber-attack-on-iranian-oil-tankers-disrupts-operations/https://blog.narimangharib.com/posts/2025%2F08%2F1755854831605?lang=enhttps://en.wikipedia.org/wiki/LulzSechttps://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/https://go.recordedfuture.com/hubfs/reports/cta-2024-0125.pdfhttps://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdfhttps://home.treasury.gov/news/press-releases/jy2072https://en.wikipedia.org/wiki/March%E2%80%93May_2025_United_States_attacks_in_Yemenhttps://cybershafarat.com/2024/11/01/the-attempt-of-shahid-shushtri-also-known-as-emennet-pasargad-a-cyber-group-affiliated-with-the-islamic-revolutionary-guard-corps-to-interfere-in-the-upcoming-american-elections-iran-internatio/* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Key Topics:* US-Iran Historical Tensions* Iran’s Demographics & Strategy* Nuclear Program & 2025 Strikes* Proxy Networks (Axis of Resistance)* Iranian Cyber Threat ActorsCall to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Books:* Stuxnet and the Launch of the World’s First Digital Weapon Countdown to Zero Day - Kim Zetter* Iran’s Perilous Pursuit of Nuclear Weapons — David Albright & Sarah Burkhard * From Intel to Iran: The Defection of Monica Witt — Borna AhadiLinks and Resources:* https://en.wikipedia.org/wiki/Judicial_system_of_the_Islamic_Republic_of_Iran* https://attack.mitre.org/groups/G0069/* https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming* https://cloud.google.com/security/resources/insights/apt-groups#global-threats-iran* https://en.wikipedia.org/wiki/Shamoon* https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-055a* https://cyberscoop.com/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims/* https://iapp.org/news/b/black-shadow-hackers-re-emerge-with-second-israeli-breach* https://www.securiwiser.com/news/black-shadow-hits-cyberserve-and-lgbtq-dating-app-client/* https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations* https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation* https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks* https://www.mei.edu/publications/iranian-apts-overview* https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises* https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents* https://darknetdiaries.com/transcript/30/* https://risky.biz/why-iran-is-a-scaredy-cat-cyber-chicken/* https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-releases-cybersecurity-advisory-on-previously-undisclosed-iranian-malware-used-to-monitor-dissidents-and-travel-and-telecommunications-companies* https://home.treasury.gov/news/press-releases/sm1127* https://mjolnirsecurity.com/the-asymmetric-battlefield-an-anthropological-and-geopolitical-analysis-of-iranian-cyber-threats-to-north-american-critical-infrastructure/* https://cloud.google.com/blog/topics/threat-intelligence/apt33-insights-into-iranian-cyber-espionage* https://www.picussecurity.com/resource/blog/understanding-active-iranian-apt-groups* https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025* https://www.mei.edu/publications/iranian-apts-overview* https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks* https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation* https://www.darkreading.com/vulnerabilities-threats/anatomy-of-the-new-iranian-apt* https://www.infopoint-security.de/medien/fireeye-operation-saffron-rose.pdf* https://narimangharib.com/* https://darknetdiaries.com/transcript/30/* https://www.youtube.com/playlist?list=PLjiTz6DAEpuINUjE8zp5bAFAKtyGJvnew* https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/* https://cloud.google.com/blog/topics/threat-intelligence/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

In this AMA episode of "Intrusions in Depth," host Josh Stepp chats with friend and cybersecurity mentor David "Ponch" Sanchez about pressing topics from the audience. They break down the Coinbase breach, discussing how a bribed contractor exposed user data and balances, which could potentially create targets for phishing and physical attacks. Next, they analyze the risk of Iranian cyber retaliation against U.S. infrastructure during the ongoing Israel-Iran skirmishes, weighing destructive potential against political divisions. Lastly, for those entering cybersecurity, especially threat intelligence, they advise building home labs, reading industry articles, and seeking hands-on experiences at events like DEF CON to stand out in a competitive job market.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://github.com/demining/Physical-Bitcoin-Attacks* https://www.raicescyber.org/* https://www.wsj.com/us-news/second-suspect-surrenders-in-alleged-new-york-crypto-kidnapping-case-103e06c6* https://www.wsj.com/video/botched-kidnapping-attempt-in-paris-as-criminals-target-crypto-wealth/9E10C74A-5158-49AF-B625-4ABA5EDC5B6E* https://www.abc.net.au/news/2024-01-23/australian-government-sanctions-russian-over-medibank-data-leak/103377976* https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a* https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36* https://academy.intel-ops.io/courses/hunting-adversary-infra* https://web.archive.org/web/20201206081245/https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/psychology-of-intelligence-analysis/PsychofIntelNew.pdf* https://irp.fas.org/doddir/army/* https://irp.fas.org/doddir/army/gta33_01_006.pdf* Host: Josh Stepp * Produced by: Josh Stepp* Guest: David SanchezThank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

DescriptionIn this informal mini-episode, Josh Stepp delves into two AI-related topics. First, he explores the "Vending Bench" research paper, which tests the long-term coherence of LLM-based agents running a vending machine business, revealing high variance in performance, with top models like Claude 3.5 Sonnet and OpenAI's O3 Mini outperforming humans but occasionally spiraling into chaotic behaviors like spamming the FBI over minor issues. Then, Josh reacts to a Pentest Partners blog post about exploiting SharePoint via Microsoft's CoPilot, highlighting how attackers can bypass access controls and forensic tracking to mine sensitive dataCall to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://arxiv.org/pdf/2502.15840* https://andonlabs.com/* https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

In this episode of the Intrusions InDepth Podcast, host Josh Stepp dives into the 2024 Polyfill.io incident, a wake-up call for the web development community that exposed the vulnerabilities of the internet’s sprawling infrastructure. What began as a trusted open-source service, used by over 100,000 websites to ensure cross-browser compatibility, turned into a vehicle for widespread malware distribution after its domain and GitHub repository were sold to a Chinese company, Funnull. Josh explores the timeline of the attack, the mechanics of the malicious JavaScript payloads, and the broader implications for open-source software and internet trust. With a mix of technical analysis, commentary on open-source economics, and a touch of conspiracy-adjacent speculation, this episode unpacks how a seemingly innocuous service became a vector for a global cyberattack and what it means for the future of the web.Main Topics Discussed* Polyfill.io Attack Overview* Timeline of Events* Malware Mechanics* Open-Source Vulnerabilities* Implications and SolutionsCall to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://blog.qualys.com/vulnerabilities-threat-research/2024/06/28/polyfill-io-supply-chain-attack* https://cside.dev/blog/the-polyfill-attack-explained* https://therecord.media/polyfill-cloudflare-trade-barbs-supply-chain-attack* https://news.ycombinator.com/item?id=40792136* https://news.ycombinator.com/item?id=40804254* https://risky.biz/RB755/* https://web.archive.org/web/20230505112634/https://polyfill.io/v3/ownership-transfer* https://web.archive.org/web/20230601214142/https://jakechampion.name/* https://web.archive.org/web/20231011015804/https://polyfill.io/* https://web.archive.org/web/20231101040617/https://polyfill.io/* https://github.com/polyfillpolyfill/polyfill-service/commit/5f4fc040e09436371f70ffcebe47ca0e3cdccac0* https://github.com/polyfillpolyfill/polyfill-service/commit/aa261a834b36131e8dbd20d725c6b5d773f736d9* https://github.com/polyfillpolyfill/polyfill-service/issues/2892* https://sansec.io/research/polyfill-supply-chain-attack* https://www.theregister.com/2025/05/06/from_russia_with_doubt_go/* https://huntedlabs.com/the-russian-open-source-project-that-we-cant-live-without/* https://x.com/weirddalle/status/1922396432977346973* https://www.berkshirehathaway.com/* https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk/* https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet/* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Step back into the late 1980s and early 1990s in Sofia, Bulgaria, a nation transitioning from communism and becoming an unexpected epicenter for early computer virus creation. This episode delves into the story of Vesselin Bontchev, a young researcher studying the nascent threat of computer viruses, and the emergence of the notorious virus writer known only as "Dark Avenger". Explore the destructive nature of early viruses like "Eddie" and the escalating rivalry between Bontchev, who sought to counter the viral threat, and Dark Avenger, who released increasingly malicious code and even targeted Bontchev directly. Discover how American Sarah Gordon stumbled into this world, her interactions with Dark Avenger, and the creation of the revolutionary, dangerous Mutation Engine (MtE). We'll also examine the unique socio-economic conditions in Bulgaria that fostered this "Virus Factory," including a surplus of skilled tech enthusiasts with limited opportunities and widespread software piracy.Main Topics Discussed* The Bulgarian Virus Scene: The episode explores how Bulgaria, particularly Sofia, became a surprising hub for computer virus creation in the late 80s and early 90s, coinciding with the country's political and economic transition.* Vesselin Bontchev vs. Dark Avenger: A central theme is the rivalry between Vesselin Bontchev, an anti-virus researcher, and the prolific, malicious virus writer known as Dark Avenger. This includes Dark Avenger's increasingly sophisticated viruses (like Eddie and Nomenklatura), his targeting of Bontchev and others, and Bontchev's efforts to analyze and combat the viruses.* Sarah Gordon and the Mutation Engine (MtE): The story of Sarah Gordon, an American who became fascinated with the Bulgarian virus scene and interacted with Dark Avenger. This interaction led to Dark Avenger creating the groundbreaking and dangerous Mutation Engine (MtE), a tool allowing viruses to constantly change their code to evade detection.* Psychology and Sociology of Virus Writing: The episode touches upon the motivations behind virus creation, including seeking fame, rebellion against authority, socio-economic factors like lack of opportunity and widespread software piracy in Bulgaria, and Sarah Gordon's research into the mindset of virus writers.* Early Computer Viruses and Anti-Virus Efforts: The discussion covers the nature and mechanics of early computer viruses (e.g., infecting .com/.exe files, corrupting disk sectors, targeting the FAT) and the nascent anti-virus techniques and communities forming to combat them (like CARO and FidoNet).Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://bontchev.nlcv.bas.bg/papers/factory.html#The%20Dark%20Avenger* https://www.f-secure.com/v-descs/eddie.shtml* https://www.theguardian.com/news/2023/may/09/on-the-trail-of-the-dark-avenger-the-most-dangerous-virus-writer-in-the-world* https://en.wikipedia.org/wiki/Sarah_Gordon_(computer_scientist)* Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro* https://(.)youtu.be/1iq9w5Tn_DQ* https://(.)www.youtube.com/watch?v=NtJ0CQ7K6_4&ab_channel=DEFCONConference* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Episode Description: Dive into the complex world of cybersecurity and geopolitics with this addendum episode of Intrusions in Depth, hosted by Josh Stapp. Expanding on the Salt Typhoon episode, this podcast explores China's strategic cyber operations, global ambitions, and the evolving nature of modern warfare. From hacking tactics to pursuing economic and military dominance. Learn how groups like Salt Typhoon fit into China's broader geopolitical goals.Main Topics Discussed:* China’s Strategic Goals and the "China Dream": Examines Xi Jinping’s vision for China’s rejuvenation, aiming for economic prosperity, technological leadership, and military strength by 2049, with initiatives like Made in China 2025 and the Belt and Road Initiative.* Evolution of Warfare and Unrestricted Warfare Doctrine: Analyzes how China’s approach to warfare, inspired by the 1999 book Unrestricted Warfare, blends cyber, economic, and psychological tactics to exploit vulnerabilities, contrasting with Western military strategies.* The AI Race and Technological Competition: Explores the U.S.-China race for AI dominance, highlighting differences in innovation styles, data privacy approaches, and the role of AI as a force multiplier in modern conflicts.* Soft Power and Global Influence: Discusses China’s soft power strategies, including cultural exports like Confucius Institutes, economic diplomacy via the Belt and Road Initiative, and narrative control to shape global perceptions.* Deterrence and Defense Against Cyber Threats: Proposes solutions to counter groups like Salt Typhoon, weighing the challenges of bolstering cyber defenses and imposing economic or diplomatic costs on adversaries without escalating conflicts.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://fs.blog/bias-conjunction-fallacy/* https://en.wikipedia.org/wiki/Torrijos%E2%80%93Carter_Treaties* https://en.wikipedia.org/wiki/Operation_Fox_Hunt* https://en.wikipedia.org/wiki/Chinese_intelligence_activity_abroad* https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/* https://www.propublica.org/article/operation-fox-hunt-how-china-exports-repression-using-a-network-of-spies-hidden-in-plain-sight* https://foreignpolicy.com/2018/10/11/if-the-u-s-doesnt-control-corporate-power-china-will/* https://www.fbi.gov/news/speeches/the-threat-posed-by-the-chinese-government-and-the-chinese-communist-party-to-the-economic-and-national-security-of-the-united-states* https://en.wikipedia.org/wiki/Alberto_Fujimori* https://en.wikipedia.org/wiki/Ferdinand_Marcos* https://foreignpolicy.com/2025/01/07/china-salt-typhoon-hack-threat-panic-washington/* https://scholarworks.uvm.edu/cgi/viewcontent.cgi?article=1440&context=hcoltheses* https://luluyan.medium.com/deepseeks-prompt-engineering-secret-there-is-no-secret-8107b14e1e56* https://www.vellum.ai/blog/the-training-of-deepseek-r1-and-ways-to-use-it* https://www.techtarget.com/whatis/feature/DeepSeek-explained-Everything-you-need-to-know* https://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women* https://www.cfr.org/backgrounder/made-china-2025-threat-global-trade* https://apt.etda.or.th/cgi-bin/showcard.cgi?g=APT%2031%2C%20Judgment%20Panda%2C%20Zirconium&n=1* https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/* https://breakingdefense.com/2021/09/chinas-new-data-security-law-will-provide-it-early-notice-of-exploitable-zero-days/* https://en.wikipedia.org/wiki/Made_in_China_2025* https://en.wikipedia.org/wiki/Century_of_humiliationBooks:* Mindf*ck: Cambridge Analytica and the Plot to Break Americaby Christopher Wylie * Targeted: My Inside Story of Cambridge Analytica and How Trump and Facebook Broke Democracy by Brittany Kaiser * Unrestricted Warfare: China's Master Plan to Destroy Americaby Qiao Liang, Wang Xiangsui * Principles for Dealing with the Changing World Order: Why Nations Succeed and Fail by Ray DalioCredits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Episode Description:This episode of The IntrusionsinDepth Podcast released on March 15, 2025, explores the Chinese hacking group Salt Typhoon, a sophisticated cyber-espionage outfit linked to the Ministry of State Security that infiltrated nine U.S. telecom companies and the Treasury by exploiting vulnerabilities in Cisco and BeyondTrust systems. The host traces the group’s evolution from its broad 2019 attacks on Southeast Asia to its refined 2023-2025 campaigns, wielding custom malware like Ghost Spider to steal sensitive data from telecoms, governments, and tech sectors worldwide. With aliases like Ghost Emperor and UNC2286, Salt Typhoon’s history builds on decades of Chinese cyber operations—shifting from the PLA’s early economic theft to the MSS’s strategic espionage—culminating in recent breaches exposing D.C.-area VIP calls and unclassified Treasury documents. The U.S. response of symbolic sanctions on a Chinese firm and an MSS-affiliated hacker underscores the ongoing challenges with groups like this. Main Topics Discussed:1. Who is Salt Typhoon?* Known by aliases like Ghost Emperor and UNC2286, they’ve been active since 2019, tied to China’s MSS.* Targets include telecoms, governments, and tech globally, with a focus on espionage.2. History of Chinese Cyber Attacks * Early attacks (2003-2010s) by the PLA stole tech secrets, like Operation Aurora against Google.* Modern APTs like Salt Typhoon showing more refined, widespread operations.3. Salt Typhoon’s Campaigns* Early hits (2019-2022) targeted Southeast Asia; later ones (2023-2025) hit U.S. telecoms and Treasury.* Malware like Ghost Spider evolved, using clever tricks to stay hidden and adaptable.4. U.S. Attacks & Response* Recent breaches exposed D.C.-area VIP calls and Treasury data via Cisco and BeyondTrust flaws.* U.S. countered with symbolic sanctions on a Chinese firm and hacker, Yin Jinping, but the threat persists.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://blog.polyswarm.io/salt-typhoon-targets-telecoms-with-ghostspider?* https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-security-fbi-chinese-hackers-security-encryption* https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf* https://techcrunch.com/2024/10/13/meet-the-chinese-typhoon-hackers-preparing-for-war/* https://mashable.com/article/salt-typhoon-breach-att-verizon-clear* https://techcrunch.com/2024/12/04/fbi-recommends-encrypted-messaging-apps-combat-chinese-hackers/* https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/* https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b* https://www.reuters.com/technology/cybersecurity/us-adds-9th-telcom-list-companies-hacked-by-chinese-backed-salt-typhoon-2024-12-27/* https://therecord.media/nine-us-companies-hacked-salt-typhoon-china-espionage* https://en.wikipedia.org/wiki/Ministry_of_State_Security_(China)* https://en.wikipedia.org/wiki/2010%E2%80%932012_killing_of_CIA_sources_in_China?* https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/* https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including* https://cloud.google.com/blog/topics/threat-intelligence/chinese-espionage-tactics/* https://www.fbi.gov/news/stories/chinese-hackers-charged-in-equifax-breach-021020* https://en.wikipedia.org/wiki/Operation_Fox_Hunt* https://en.wikipedia.org/wiki/Salt_Typhoon* https://www.theguardian.com/us-news/2021/oct/27/us-bans-china-telecom-from-operating-over-national-security-concerns* https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince* https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/analyzing-salt-typhoon-telecom-attacker/* https://www.crowdstrike.com/en-us/blog/an-analysis-of-lightbasin-telecommunications-attacks/* https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/* https://www.darkreading.com/data-privacy/chinese-apt-backdoor-found-in-ccleaner-supply-chain-attack* https://news.sky.com/story/obama-tells-china-president-hacking-must-stop-10345126* https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach* https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf* https://en.wikipedia.org/wiki/PLA_Unit_61398* https://en.wikipedia.org/wiki/Titan_Rain* https://www.csis.org/programs/strategic-technologies-program/survey-chinese-espionage-united-states-2000* https://www.nytimes.com/2024/12/16/us/politics/biden-administration-retaliation-china-hack.html* https://github.com/shadow1ng/fscan/blob/main/README_EN.md* https://github.com/sensepost/reGeorg* https://www.cisa.gov/sites/default/files/2024-05/MAR-10448362.c1.v2.CLEAR_.pdf* https://proxylogon.com/* https://www.picussecurity.com/resource/blog/salt-typhoon-removing-chinese-telecom-equipment* https://threatpost.com/famoussparrow-spy-hotels-governments/174948/* https://www.ncsc.gov.uk/files/NCSC-MAR-SparrowDoor.pdf* https://www.trendmicro.com/en_us/research/24/k/earth-estries.html* https://cyberscoop.com/suspected-chinese-hackers-took-advantage-of-microsoft-exchange-vulnerability-to-steal-call-records/* https://portswigger.net/daily-swig/a-whole-new-attack-surface-researcher-orange-tsai-documents-proxylogon-exploits-against-microsoft-exchange-server* https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/* https://cyberscoop.com/famoussparrow-eset-microsoft-exchange-proxylogon/* https://www.c4isrnet.com/cyber/2024/04/10/secretive-us-cyber-force-deployed-22-times-to-aid-foreign-governments/* https://www.meritalk.com/articles/report-salt-typhoon-using-backdoor-malware-tactics/* https://www.wsj.com/politics/national-security/u-s-officials-race-to-understand-severity-of-chinas-salt-typhoon-hacks-6e7c3951* https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/* https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html* https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html* https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation* https://www.trendmicro.com/en_us/research/24/k/earth-estries.html* https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/* https://cyberscoop.com/chinese-hack-nsa-tool-check-point/* https://teamwin.in/index.php/2025/02/15/redmike-hackers-exploited-1000-cisco-devices-to-gain-admin-access/* https://cloud.google.com/blog/topics/threat-intelligence/barracuda-esg-exploited-globally* https://cyberscoop.com/treasury-sanctions-chinese-cybersecurity-company-salt-typhoon-hacks/* https://www.techtarget.com/searchsecurity/news/366617509/Treasury-Department-breached-through-BeyondTrust-service* https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/* https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/* https://www.reuters.com/technology/cybersecurity/us-treasury-dept-issues-sanctions-related-salt-typhoon-hack-2025-01-17/* https://www.wired.com/story/us-names-one-of-the-hackers-allegedly-behind-massive-salt-typhoon-breaches/* https://www.recordedfuture.com/research/redmike-salt-typhoon-exploits-vulnerable-devices* https://risky.biz/BTN106/* https://en.wikipedia.org/wiki/Salt_Typhoon* https://jsac.jpcert.or.jp/archive/2025/pdf/JSAC2025_1_5_leon-chang_theo-chen_en.pdf* https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming* https://nvd.nist.gov/vuln/detail/cve-2023-2868* https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom/* https://malpedia.caad.fkie.fraunhofer.de/actor/ghostemperor* https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/* https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/* https://blog.talosintelligence.com/salt-typhoon-analysis/Credits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to IntrusionsinDepth Podcast. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Episode Description:Welcome to the first Ask Me Anything (AMA) episode of The Intrusions in Depth Podcast! Host Josh Stepp takes a break from scripting his next deep-dive episode to answer listener questions in an unscripted, off-the-cuff format. To kick off this new series, Josh tackles a listener's question about the TikTok ban, its national security implications, and President Trump’s decision to delay enforcement for 75 days. What starts as a straightforward discussion spirals into a multi-faceted analysis—covering creators, consumers, legal ambiguities, historical precedents, and even a bit of conspiracy theorizing. From Romanian election recalls to the potential for government ownership of social media, Josh explores the messy intersection of technology, democracy, and geopolitics. Whether you’re a TikTok skeptic or a free-speech advocate, this episode offers plenty to chew on.Joining the mailing list to participate: Main Topics Discussed* The TikTok Ban Overview* Listener question: Thoughts on the TikTok ban, national security allegations, and Trump’s 75-day enforcement delay.* Josh’s approach: Analyzing the issue through multiple lenses—creators, consumers, the platform itself, legal precedent, and conspiracy angles.* Creators and Consumers* Sympathy for creators who rely on TikTok for livelihoods, especially those with limited job prospects (e.g., ex-felons, mental health challenges).* Counterpoint: National security may outweigh individual needs; alternative platforms (YouTube Shorts, Instagram Reels, etc.) exist for diversification.* Audience perspective: Claims of First Amendment violations are weak—governments already limit speech for security (e.g., classification).* National Security and Precedents* Historical examples: FDR’s Office of Censorship post-Pearl Harbor, Trump’s WeChat ban, and Russia’s Sputnik/RT restrictions.* TikTok concerns: Data harvesting by China, potential influence ops, and speculative backdoor risks (e.g., Pegasus-style exploits).* Comparison: U.S. tech giants (Meta, Google, X) could pose similar risks—why single out TikTok?* The Law Itself* Critique of the TikTok ban legislation: Vague terms (“foreign adversary,” “significant threat”) invite abuse.* Hypothetical misuse: Could target platforms like X if tied to foreign influence (e.g., Musk’s China ties).* Suggestion: Write clearer laws (e.g., ban data transmission to China) rather than broad, ambiguous bans.* Romanian Election Recall (2024)* Context: Far-right candidate’s lead annulled due to alleged TikTok interference (possibly Russian-linked).* Pro-recall: Evidence of coordinated campaigns; protects electoral integrity.* Anti-recall: Evidence is circumstantial; risks censorship and voter agency.* Broader issue: Balancing tech, democracy, and free speech in the digital age.* Conspiracy Time* Theories debunked: TikTok moving servers to Meta during a blackout—impractical for modern apps.* Speculation: Congress’s shift possibly due to classified briefings (e.g., NSA findings).* Trump’s reversal: Political strategy, donor influence (Jeff Yass), or a deal-making play for U.S. ownership.* Trump’s 75-Day Delay and Future Outlook* Possible motives: Appealing to young voters, donor pressure, or negotiating U.S. stakes in TikTok.* Innovative idea: Government ownership of tech stakes (e.g., Alaska’s oil fund model) to benefit taxpayers.* Prediction: Ban likely upheld, but TikTok persists under U.S. ownership (e.g., Oracle, Musk).Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* http(s)://www.youtube.com/watch?v=e1pTCSFrkbk&ab_channel=All-InPodcast* https://en.wikipedia.org/wiki/Office_of_Censorship* https://newsroom.tiktok.com/en-eu/continuing-to-protect-the-integrity-of-tiktok-during-romanian-elections* https://www.bbc.com/news/articles/cm2v13nz202o* https://x.com/mtaibbi/status/1865269938597879902* https://x.com/mtracey/status/1865097680805839008Credits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions inDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Episode Description: Intrusions and Depth welcomes its first-ever guest, John Prieto, a cybersecurity professional with experience at CrowdStrike, Mandiant, USAA, and the U.S. Air Force. Together, they dissect the chaotic rise and fall of the Lapsus$ hacking group—a crew of teenagers who turned the cybersecurity world upside down with brazen attacks on tech giants like Microsoft, Nvidia, and Rockstar Games.Josh and John explore how Lapsus$ used social engineering, MFA fatigue, and even taunted their victims on social media, all while making rookie mistakes that led to their downfall. They also dive into the murky world of ransomware crews, the evolution of financially motivated cybercrime, and the blurred lines between threat actor clustering and sanctions.Main Topics Discussed:* Lapsus$: The Chaotic Rise & Brazen Attacks* How a group of teenagers breached top corporations using unsophisticated yet highly effective tactics.* Their public Telegram channel, taunts, and lack of operational security (OPSEC).* Incident Response & Attribution Challenges* John shares behind-the-scenes insights from responding to Lapsus$ intrusions.* How security firms track threat actors despite constantly changing tactics and naming conventions.* The Immature Yet Dangerous Nature of APT Teens* Comparing Lapsus$ to professional ransomware gangs—why their unpredictability made them so dangerous.* The business dynamics of Ransomware as a Service.* The Future of Cybercrime & Security Lessons* The rising threat of hacktivist-style APT teens and their potential impact on infrastructure.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* htt(p)s://www.youtube.com/watch?ab_channel=NextGenHacker101* https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf* https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/Support the Podcast! USE MY LINKS!!* deleteme.com promotional linkCredits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

PsyOps, short for psychological operations, involves the use of tactics to influence emotions, perceptions, and behavior. This series explores the diverse applications of psychological influence, from media strategies to social interactions. There’s no specific order or structured episodes—each piece stands on its own, offering unique insights into the power of persuasion. To explore the entire series, click hereEpisode Description: In this episode of Intrusions InDepth, Josh Stepp explores the fascinating world of psychological operations (PSYOPs) and information warfare. Using a recent 60 Minutes interview about alleged Mossad operations against Hezbollah as a case study, Josh delves into the tactics, ethics, and impact of these covert influence campaigns while analyzing the interview itself as a PsyOp, highlighting the power of narrative control and perception manipulation in modern conflicts.Topics Discussed:* PsyOp Fundamentals: An overview of PsyOp, their purpose, and applications in various contexts.* The Pager and Walkie Talkie Attacks: A detailed account of the alleged Mossad operation, including the meticulous planning, device modification, and execution of the attacks on Hezbollah.* The 60 Minutes Interview as a PsyOp: An analysis of the interview itself as a strategic tool for information warfare, shaping perceptions, and influencing adversaries.* Open Source Intelligence (OSINT) Analysis: A demonstration of OSINT analysis techniques using the 60 Minutes interview as an example, evaluating source credibility and identifying potential motives behind the information.* The Ethics and Effectiveness of PSYOPs: A discussion on the ethical considerations surrounding PSYOPs and their effectiveness in achieving long-term strategic goals.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://www.cbsnews.com/news/israeli-mossad-pager-walkie-talkie-hezbollah-plot-60-minutes/* https://irp.fas.org/doddir/army/atp2-22-9.pdf* https://www.bunniestudios.com/blog/2024/turning-everyday-gadgets-into-bombs-is-a-bad-idea/* https://www.reuters.com/world/middle-east/irans-ambassador-lebanon-injured-by-pager-explosion-2024-09-17/* By Way of Deception by Victor Ostrovsky & Claire Hoy* https://en.wikipedia.org/wiki/Calls_for_the_destruction_of_Israel* https://www(.)youtube(.)com/watch?v=FLUUUZWjfGk&t=1s&pp=ygURNjAgbWludXRlcyBtb3NzYWQ%3DCredits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Episode Description:In this episode of Intrusions and Depth, Josh Stepp unpacks the audacious rise and chaotic downfall of the Lapsus$ hacking collective. Known for targeting some of the biggest names in technology, including Microsoft, Nvidia, and Rockstar Games, this group rewrote the playbook on cybercrime with tactics as unconventional as their teenage leadership. From SIM-swapping and MFA fatigue attacks to social engineering and public Telegram boasts, Josh examines how Lapsus$ exposed glaring vulnerabilities in global cybersecurity defenses while raising ethical questions about balancing punishment and rehabilitation for young offenders.Main Topics Discussed:* The Rise of Lapsus$* Lapsus$ emerged in 2021 as a flamboyant hacking group known for bold, public-facing tactics, including defacing websites and leaking sensitive corporate data.* Their attacks included high-profile breaches at companies like Microsoft, Nvidia, Uber, and Rockstar Games.* Methods and Tactics* Lapsus$ favored social engineering over sophisticated exploits, using techniques like SIM-swapping, MFA fatigue, and exploiting support team access to gain entry.* A notable hallmark was their public taunting of victims and recruitment via Telegram.* High-Profile Breaches* Nvidia: Demanded removal of the cryptocurrency mining limiter from GPUs, escalating into a public back-and-forth.* Microsoft: Compromised 37GB of source code for Bing and other internal projects.* Rockstar Games: Leaked early footage of Grand Theft Auto VI, sparking fan outrage and security debates.* The Downfall* Arrests in 2022 and 2023 revealed the group’s youthful composition, with some members as young as 16.* The sentencing of leader Arion Kurtaj to indefinite detention highlighted the intersection of cybercrime and mental health issues.* Lessons for Cybersecurity* Reflections on how Lapsus$ forced global organizations to rethink their reliance on MFA and social engineering defenses.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://www.bbc.com/news/technology-66549159* https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf* https://www.reuters.com/world/americas/bolsonaro-dismisses-vaccination-requirement-entry-into-brazil-2021-12-07/* https://www.reuters.com/technology/brazils-health-ministry-website-hit-by-hacker-attack-systems-down-2021-12-10/* https://www.zdnet.com/article/brazilian-ministry-of-health-suffers-cyberattack-and-covid-19-vaccination-data-vanishes/* https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/* https://blog.checkpoint.com/security/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected/* https://malpedia.caad.fkie.fraunhofer.de/actor/lapsus* https://www.aha.org/system/files/media/file/2022/04/hc3-tlp-white-threat-briefing-lapsus%24-okta-and-the-health-sector-4-7-22.pdf* https://techcommunity.microsoft.com/discussions/securityandcompliance/new-blog-post--dev-0537-criminal-actor-targeting-organizations-for-data-exfiltra/3264957* https://en.wikipedia.org/wiki/Samy_Kamkar* https://krebsonsecurity.com/2022/04/the-original-apt-advanced-persistent-teenagers/* https://unit42.paloaltonetworks.com/lapsus-group/* https://x.com/vxunderground/status/1506114493067186183/photo/4* https://www.darkreading.com/cyberattacks-data-breaches/ransomware-group-s-claim-that-it-hacked-okta-prompts-concerns-of-another-solarwinds* https://www.law.cornell.edu/wex/chevron_deference* https://www.zscaler.com/blogs/product-insights/what-you-need-know-about-lapsus-supply-chain-attacks* https://www.uber.com/newsroom/security-update* https://blog.avast.com/nvidia-allegedly-hacks-back-avast* https://www.crn.com/news/security/nvidia-hacks-ransomware-gang-back-to-block-data-leaks-group-claims?* https://www.spiceworks.com/it-security/data-security/news/nvidia-data-breach-lapsus/* https://www.threatdown.com/blog/nvidia-the-ransomware-breach-with-some-plot-twists/* https://www.wired.com/story/lapsus-hacking-group-extortion-nvidia-samsung/* https://www.optimumsr.co.uk/anniversary-of-the-lapsus-hack-on-rockstar-what-have-we-learned/* https://www.bleepingcomputer.com/news/security/e-commerce-giant-mercado-libre-confirms-source-code-data-breach/* https://www.bleepingcomputer.com/news/security/samsung-confirms-hackers-stole-galaxy-devices-source-code/* https://www.bleepingcomputer.com/news/security/nvidia-data-breach-exposed-credentials-of-over-71-000-employees/* https://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/* https://therecord.media/rockstar-confirms-cyberattack-leak-of-confidential-data-including-gta-6-footage* https://therecord.media/british-prosecutors-accuse-teen-lapsus-member-of-uber-revolut-rockstar-hacks* https://flashpoint.io/blog/lapsus/* https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/* https://www.aha.org/system/files/media/file/2022/04/hc3-tlp-white-threat-briefing-lapsus%24-okta-and-the-health-sector-4-7-22.pdf* https://x.com/davidmarcus/status/1862867849988944361* https://www.businessinsider.com/meta-libra-crypto-project-regulators-david-marcus-2024-12* https://archive.is/xGIdu* https://www.sophos.com/en-us/content/pacific-rim* https://www.brennancenter.org/our-work/analysis-opinion/house-passes-section-702-reauthorization-bill-without-protections-againstCredits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Episode Description: This episode breaks down insights from the 2024 Global Threat Report by Elastic and the 2024 Digital Defense Report from Microsoft. It explores the blurring lines between state-sponsored hackers and cybercriminals, the rising role of generative AI in cyber-attacks and propaganda, and the use of commodity malware by sophisticated threat actors. Josh shares both the report highlights and his reflections on how these trends reshape the cybersecurity landscape, especially in light of ongoing geopolitical tensions. Topics Discussed:* Blurred Lines Between Nation-State and Cybercriminal ActivitiesHow state-sponsored actors, including those from North Korea and Iran, increasingly adopt criminal tactics for financial gain, with North Korea using cybercrime to fund its nuclear and missile programs.* Generative AI and Its Role in Cyber ThreatsA deep dive into the uses of generative AI by both defenders and attackers, including the development of sophisticated phishing scams, influence operations, and automated malware production.* Commodity Malware and Open-Source ToolsThe use of off-the-shelf hacking tools like Cobalt Strike and Sliver, which simplify cyber operations for threat actors. Josh explores how these tools blur the line between advanced and lower-skill attacks.* Social Engineering and AI-Powered PhishingInsights from the reports show how generative AI enables more tailored and realistic phishing campaigns, amplifying the effectiveness of social engineering at scale.* State-Backed Influence Operations via AICase studies of AI-driven influence campaigns, including Russia’s deepfake audio tactics in Slovakia and China’s misinformation campaigns, demonstrate AI’s role in sowing discord and manipulating public perception globally.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://www.elastic.co/resources/security/report/global-threat-report* https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024* https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse* https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine* https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver* https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/* https://attack.mitre.org/groups/G0138/* https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming* https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/* https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-048a* https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises* https://www.reuters.com/world/us/accused-iranian-hackers-successfully-peddle-stolen-trump-emails-2024-10-25/* https://www.reuters.com/world/us-issues-iran-related-sanctions-over-election-interference-2024-09-27/* https://www.npr.org/2023/09/28/1202110410/how-rumors-and-conspiracy-theories-got-in-the-way-of-mauis-fire-recovery* https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html* https://securityintelligence.com/articles/malicious-ai-worm-targeting-generative-ai/* https://cert.gov.ua/article/6278521* https://cloud.google.com/blog/topics/threat-intelligence/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoorCredits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Episode Description: In this episode of IntrusionsInDepth, host Josh Stepp uncovers the story of how a Ukrainian-developed artillery targeting app, designed to assist soldiers on the battlefield, was compromised by the Russian cyber espionage group Fancy Bear. The episode explores the technical breakdown of the malware used, its devastating impact on Ukrainian forces, and the broader implications of integrating technology into warfare. Josh takes listeners through the timeline of events from 2014-2016 and discusses the challenges of attribution, malware analysis, and the future of cyber warfare as an integrated component of military operations.Main Topics Discussed:* The Compromise of the D-30 Howitzer App* The episode kicks off with a discussion on the Ukrainian artillery officer Yaroslav Sherstuk’s development of the Correction-D30 app, which sped up artillery targeting. Fancy Bear, a Russian cyber espionage group, inserted X-Agent malware into a trojanized version of the app, leading to devastating consequences for Ukrainian artillery.* Understanding the D-30 Howitzer* Josh explains the technical aspects of the D-30 Howitzer, a Soviet-designed 122mm artillery piece, and how the Correction-D30 app was designed to speed up targeting calculations, increasing efficiency and accuracy in battle.* Fancy Bear and the X-Agent Malware* The episode provides an in-depth analysis of Fancy Bear’s use of the X-Agent malware in compromising the app. This includes a technical breakdown of how the malware worked, including its reconnaissance capabilities, use of Android’s built-in APIs, and its ability to collect sensitive data from infected devices.* Impact of the Malware on Ukrainian Forces* Josh examines how the malware allowed Russian forces to track Ukrainian artillery movements, leading to the loss of up to 20% of Ukraine’s D-30 Howitzers in combat. The discussion touches on the implications of this kind of cyber warfare for real-world military tactics.* Attribution Challenges* The episode delves into the complexities of attributing the attack to Fancy Bear, touching on the challenges of tracking malware use across different threat actors. Josh discusses how Crowdstrike and other security firms identified Fancy Bear’s involvement and the challenges of confirming attribution with certainty.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf* https://web-assets.esetstatic.com/wls/2016/10/eset-sednit-part-2.pdf* https://en.interfax.com.ua/news/general/395186.html* https://blog.focal-point.com/focal-point-releases-malware-analysis-of-android-x-agent-implant* https://www.scribd.com/document/468214030/X-Agent-Malware-Technical-Analysis-Focal-Point* https://www.realclearinvestigations.com/articles/2020/05/13/hidden_over_2_years_dem_cyber-firms_sworn_testimony_it_had_no_proof_of_russian_hack_of_dnc_123596.html* https://www.crowdstrike.com/en-us/blog/bears-midst-intrusion-democratic-national-committee/* Change Agents - Dmitri AlperovitchBooks:* Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro Credits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

In this episode of Intrusions In-Depth, host Josh Stepp dives into the infamous 2014 Sony hack, where North Korea allegedly targeted Sony Pictures over the controversial film The Interview. The episode explores the timeline of the hack, technical analysis of the malware used, and the political implications, including the response from President Obama. Josh also examines various conspiracy theories surrounding the hack, including speculation about Russian involvement and insider threats.Main Topics:1. The Sony Hack: Overview and Timeline* Sony Pictures' preparation for The Interview, a comedy about the assassination of North Korea’s leader Kim Jong-un.* Initial breach in September 2014 via phishing emails, followed by months of network snooping.* November 2014: The attack escalates, wiping Sony’s systems and leaking sensitive data, including unreleased films and employee information.2. North Korea’s Motives and Threats* North Korea's public condemnation of The Interview as an act of war and terrorism through UN complaints.* Connection to North Korean propaganda and the Kim regime’s intolerance for mockery in media.* Analysis of North Korea's use of cinema for internal propaganda and their extreme reaction to the film.3. Technical Breakdown of the Attack* Discussion of the malware used: Destover, a wiper designed to erase Sony's files.* FBI’s findings on how the malware operated, wiping systems and exfiltrating large amounts of data.* Comparison to previous North Korean cyberattacks like the Dark Seoul and Shamoon campaigns.4. Political Fallout and Obama’s Response* President Obama's statement condemning the censorship attempt and Sony’s initial decision to pull the film.* The FBI's conclusion that North Korea was responsible for the attack, despite some skepticism from the cybersecurity community.* Analysis of Sony's defense and Obama’s commitment to respond to the attack.5. Theories and Conspiracies: Was It Really North Korea?* Speculation on Russian involvement and alternative theories involving disgruntled Sony employees.* FBI's indictment of North Korean hacker Park Jin Hyok in 2018, tying him to the Sony hack and other cybercrimes.* Discussion of whether the attack was a multi-party effort or framed to implicate North Korea.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://www.vox.com/2015/1/20/18089084/sony-hack-north-korea* https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and* https://coverlink.com/case-study/sony-pictures-entertainment-hack/* https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack* https://apps.dtic.mil/sti/pdfs/AD1046744.pdf* https://www.fbi.gov/news/press-releases/update-on-sony-investigation* https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/the-hack-of-sony-pictures-what-you-need-to-know* https://www.nccgroup.com/us/the-lazarus-group-north-korean-scourge-for-plus10-years/* https://foreignpolicy.com/2018/04/11/north-korean-destructive-malware-is-back-says-dhs-report/* https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_wipall.e* https://www.securityweek.com/researchers-analyze-data-wiping-malware-used-sony-attack/* https://www.scmagazine.com/news/analysis-of-wiper-malware-implicated-in-sony-breach-exposes-shamoon-style-attacks* https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/NukeSped* https://lamag.com/film/sony-hack* https://www.hollywoodreporter.com/movies/movie-features/five-years-who-hacked-sony-1257591/* https://www.darkreading.com/cyberattacks-data-breaches/report-russian-hacker-broke-into-sony-is-still-there* https://www.kaspersky.com/blog/operation-blockbuster/11407/* https://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727/* https://www.bankinfosecurity.com/destover-taps-stolen-sony-certificate-a-7660* https://securelist.com/destover/67985/* https://securelist.com/shamoon-the-wiper-in-details/34369/* https://www.bankinfosecurity.com/sony-hack-destover-malware-identified-a-7638* https://www.darkreading.com/cyberattacks-data-breaches/sony-hackers-knew-details-of-sony-s-entire-it-infrastructure* https://securityaffairs.com/42194/malware/destover-malware-analysis.html* https://info.publicintelligence.net/FBI-KoreanMalware.pdf* https://en.wikipedia.org/wiki/Park_Jin_Hyok* https://www.nknews.org/2023/02/south-korea-issues-first-ever-cyber-sanctions-against-north-korea/* https://mynorthkorea.blogspot.com/* https://www.kaspersky.com/blog/operation-blockbuster/11407/* https://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727/* https://www.bankinfosecurity.com/destover-taps-stolen-sony-certificate-a-7660* https://securelist.com/destover/67985/* https://securelist.com/shamoon-the-wiper-in-details/34369/* https://www.bankinfosecurity.com/sony-hack-destover-malware-identified-a-7638* https://www.darkreading.com/cyberattacks-data-breaches/sony-hackers-knew-details-of-sony-s-entire-it-infrastructure* https://securityaffairs.com/42194/malware/destover-malware-analysis.html* https://info.publicintelligence.net/FBI-KoreanMalware.pdf* https://www.lexology.com/library/detail.aspx?g=79955aa7-ed24-417a-8492-34a7af42daf7#:~:text=The%20Court%20rejected%20Capital%20One's,protected%20by%20attorney%2Dclient%20privilege.* https://darknetdiaries.com/episode/147/* https://www.kaspersky.com/blog/operation-blockbuster/11407/Books:* The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War by Geoff White* In Order to Live: A North Korean Girl's Journey to Freedom by Yeomi Park* The Girl with Seven Names: A North Korean Defector’s Story by Hyeonseo Lee* Dear Reader: The Unauthorized Autobiography of Kim Jong Il by Michael MaliceCredits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

In this episode of Intrusions InDepth, Josh Stepp delves into the complexities of information warfare and its intersection with cyber warfare. Drawing on historical examples and modern tactics, Josh explores how disinformation, psychological operations, and propaganda shape modern conflicts.Key Topics Discussed:* Defining Information Warfare* What is information warfare? Josh explains the definition, focusing on data collection, propaganda, and psychological warfare as non-physical tactics.* Reference to Wikipedia’s definition of information warfare, dissecting how it involves everything but direct, physical attacks.* Historical Comparisons* Josh compares ancient and historical military strategies, such as the Roman sieges, World War II bombings, and propaganda campaigns, to today's cyber tactics.* Examples from WWII, including British radio propaganda efforts against Nazi Germany, and the lessons learned from those operations.* Cyber Warfare Today* How cyber operations (like the CrowdStrike incident) are used in modern warfare, particularly in Ukraine and Russia, and the limitations of these efforts.* Real-world examples of Russian cyber operations and their effectiveness in current conflicts, emphasizing return on investment (ROI) and tactical advantages.* Propaganda and Psychological Operations* A discussion on the role of propaganda in undermining enemy morale, from ancient leaflets to modern social media disinformation campaigns.* Josh emphasizes the ethical considerations surrounding these tactics, and whether they violate the rules of war and international norms.* Impact of Social Media and Modern Technologies* How modern platforms like TikTok, deepfakes, and other technologies amplify the effects of information warfare.* Josh addresses the current debate on whether apps like TikTok are being used for state-sponsored influence operations and propaganda.* War Crimes and Civilian Targeting* Ethical concerns about targeting civilian infrastructure during conflicts, touching on debates about war crimes and dual-use facilities (e.g., water, power, and roads).* Discussion on proportionality and the Geneva Conventions in the context of modern and historical conflicts.Takeaways:* Information warfare is a broad, evolving concept that has roots in historical military strategies but is amplified in the digital age through cyber and social media platforms.* Cyber warfare, while potentially disruptive, often serves as a complement to traditional military actions rather than as a standalone strategy.* Propaganda and psychological operations continue to play a significant role in shaping public opinion and undermining the enemy’s morale, with ethical dilemmas still prevalent.* Social media platforms and technologies like TikTok are potentially powerful tools in modern information warfare, with ongoing debates about their role in influencing public opinion.Mentioned Resources:* How to Win an Information War by Peter Pomerantsev * Risky Business Podcast – Between Two Nerds* Battle of Alesia* Blitzed: Drugs in the Third Reich by Norman OhlerDisclaimer:The views expressed in this podcast are those of the host and do not reflect the official stance of any affiliated organizations. The podcast is based on publicly available materials and does not contain any classified or proprietary information.Credits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

In this final episode of "The Curious Case of PhineasFisher," host Josh Stepp dives deep into the legacy of one of the most infamous hacktivists of our time. From exposing the dark side of commercial spyware to inspiring a new generation of cyber-revolutionaries, PhineasFisher’s impact on the world of hacktivism is undeniable. The episode explores key moments in PhineasFisher's career, their influence on modern hacktivist movements, and a technical breakdown of recent attacks inspired by their methods.Main Topics:1. PhineasFisher: The Cyber-Robin Hood* The Gamma Group Hack (2014): PhineasFisher’s debut, exposing a company selling surveillance software to oppressive regimes.* The Hacking Team Breach (2015): A massive data leak that revealed the inner workings of Hacking Team and sparked global controversy.2. Hacktivism as Political Theater* Redistribution of Wealth: How PhineasFisher claimed to steal €10,000 from a bank and donate it to a revolutionary cause in Syria.* The Hacktivist Bug Hunting Program: PhineasFisher’s initiative offering bounties for politically motivated hacks, targeting major corporations.3. The Guacamaya Connection* Emergence of Guacamaya (2022): A new hacktivist group taking inspiration from PhineasFisher, targeting mining and oil companies in Latin America.* Guacamaya’s Philosophy: A manifesto calling for the sabotage of Western companies exploiting Central America’s natural resources.4. Technical Breakdown: Guacamaya’s Attack on Pronico* Exploiting Vulnerabilities: Use of Microsoft Exchange flaws and social engineering to infiltrate systems.* The Cyber Knife Fight: A detailed look at the cat-and-mouse game between Guacamaya and Pronico’s IT team during the attack.5. The Legacy of PhineasFisher* Inspiring the Next Generation: How PhineasFisher’s hacktivism has become a blueprint for others to follow.* Ethics and Impact: The broader implications of using hacking for social change, and the risks involved.Subscribe:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://therecord.media/chamelgang-china-apt-ransomware-distraction* https://www.vice.com/en/article/meet-the-environmental-hacktivists-trying-to-sabotage-mining-companies/* https://data.ddosecrets.com/MilicoLeaks/README.txt* https://www.vice.com/en/article/phineas-fisher-says-they-paid-dollar10000-bounty-to-person-who-hacked-chilean-military/* https://www.vice.com/en/article/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies/* https://en.wikipedia.org/wiki/Guacamaya_(hacktivist_group)* https://cyberscoop.com/environmentalist-hacktivist-collective-mining-company/* https://latinoamerica21.com/en/guacamaya-hacktivists-from-the-global-south/* https://malpedia.caad.fkie.fraunhofer.de/actor/guacamaya* https://therecord.media/interview-with-guacamaya-hacktivist-group-latin-america* https://enlacehacktivista.org/comunicado_guacamaya.txt* https://enlacehacktivista.org/index.php/Milico_Leaks* https://enlacehacktivista.org/index.php?title=File:MILICOS_CULIAOS_LEAK.txtCredits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

In this episode of Intrusions in Depth, host Josh Stepp explores the intriguing theory that Phineas Fisher may be linked to Russian intelligence. Inspired by a listener's email and drawing on various data points and historical incidents, Josh delves into the possibility of Phineas Fisher being a Russian asset, comparing their tactics to those of known cybercriminals and government operatives.Main Topics:1. History of Cyber Operations and Notable Cases* Examination of various APT (Advanced Persistent Threat) groups and their activities, including Fancy Bear (APT 28) and the Lazarus Group.* Discussion on how cybercriminals often evade capture due to operating out of countries that do not cooperate with international law enforcement.2. Chaos Agent: Maksym Igor Popov* Detailed account of Popov's activities, including his dual role as an informant and a hacker.* Comparisons between Popov's tactics and those of Phineas Fisher, highlighting the use of disinformation and false flag operations.3. Analysis of the AKP Attack and WikiLeaks Involvement* Examination of the AKP email dump and its timing with the Turkish coup attempt.* Discussion on the use of a specific IP address linked to Russian cyber activities and its implications for the theory.4. Potential Connections and Speculative Points* Analysis of various indicators that could suggest a link between Phineas Fisher and Russian interests.* Consideration of the broader geopolitical context and the use of hacking as a tool for political influence.Call to Action:* Subscribe to the podcast for more episodes on high-profile cyber intrusions.* Visit our website at intrusionsindepth.com for additional stories and insights.* Share your thoughts on social media using #IntrusionsInDepth.Links and Resources:* https://nkwt.blogspot.com/p/informazioni.html* https://www.vice.com/en/article/what-went-wrong-with-the-turkey-data-dump/* https://emma.best/2019/03/20/the-russian-contractor-who-infiltrated-anonymous/* https://www.techtarget.com/searchsecurity/news/252518151/Iranian-APT-Cobalt-Illusion-launching-ransomware-attacks* https://www.bankinfosecurity.com/isoon-leak-shows-links-to-chinese-apt-groups-a-24713* https://en.wikipedia.org/wiki/Jeremy_Hammond* https://www.darknet.org.uk/2016/04/phishing-frenzy-e-mail-phishing-framework/* https://www.history.com/news/whitey-bulger-fbi-informant* https://archive.is/REs0G* https://web.archive.org/web/20160418221027/https://twitter.com/gammagrouppr* https://archive.org/details/MaksymIgorPopov/POPOV%2C+Maksym+Igor/HILBERT/popov-flashes-cash.mp4* https://www.wired.com/2016/05/maksym-igor-popov-fbi/* https://emma.best/2018/11/15/sealed-files-allege-assange-and-wikileaks-solicited-hacks-against-governments-politicians-and-corporations/* https://steemit.com/politics/@tvorhet/why-has-nobody-questioned-the-provenance-of-phineas-fisher* https://threatconnect.com/resource/webinar-guccifer-2-0-the-dnc-hack-and-fancy-bears-oh-my/* https://medium.com/@securityaffairs/evidence-on-hacks-of-the-us-state-election-systems-suggest-russian-origin-682e4f016e0e* https://securityaffairs.com/50754/uncategorized/state-election-systems-hacked.html* https://latesthackingnews.com/2016/09/06/us-state-election-system-hacks-connected-ukraine-power-grid-attacks/* https://news.softpedia.com/news/us-state-election-system-hacks-connected-to-ukraine-power-grid-attacks-508011.shtml* https://securityaffairs.com/49575/hacktivism/phineas-fisher-erdogan-emails.html* ThreatConnect Image of connections:Credits:* Host: Josh Stepp* Produced by: Josh SteppThank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

In this episode of the Intrusions in Depth Podcast, host Josh Stepp delves into the multifaceted story of Phineas Fisher, exploring three significant cyber-attacks: the AKP email release in Turkey, the ethical bank heist at the Cayman National Bank, and the hack of the Catalan police union. Phineas Fisher's actions highlight the intersection of political activism and cyber warfare against global turmoil in 2016, including the Turkish coup attempt and escalating tensions with Russia. Through these attacks, Fisher aimed to expose corruption, support marginalized groups like the Kurdish people, and challenge global economic inequalities, all while sharing detailed tutorials to inspire similar acts of hacktivism.Topics:* Overview of 2016 and Global Context* 2016: A tumultuous year with significant global events including the Trump-Clinton election, the rise of destructive ransomware like NotPetya, and the activities of shadowy hacking groups.* Tensions between Russia and Turkey following the downing of a Russian SU-24 jet by Turkey.* The impact of these events on international relations and cyber activities.2. The Turkish AKP Email Release* Background on Turkey's political landscape, including the long-standing conflict between the Turkish government and Kurdish groups.* The 2016 attempted coup against President Erdogan and its aftermath, including extensive purges.* Phineas Fisher's hack of the AKP and the release of emails, contributing to the theory of their possible connection to Russian interests.3. The Historical Context of the Kurdish-Turkish Conflict* A detailed history of the conflict between the Turkish government and Kurdish people, including the formation of autonomous zones and the role of Kurdish forces in fighting ISIS.* The significance of Rojava and the People's Protection Units (YPG) in the regional power dynamics.* The complex relationship between Turkey and the Kurdish resistance, shaped by decades of violence and political maneuvers.4. Phineas Fisher’s Bank Heist* The ethical robbery of the Cayman National Bank by Phineas Fisher, highlighting their motivations and methods.* The use of stolen funds to support causes aligned with their beliefs, including donations to Kurdish autonomous zones.* The publication of the HackBack manifesto detailing the bank heist and encouraging others to engage in politically motivated cyber attacks.5. The Police Union Hack in Catalonia* Phineas Fisher's hack of the Catalan police union, exposing personal details of officers and highlighting issues of police brutality.* The use of the hack to support the 15M anti-austerity movement in Spain.* The publication of a detailed tutorial on how to conduct similar hacks, aiming to inspire others to take action against perceived injustices.Show Notes* Cult of the Dead Cow* Stats On Stats Podcast : https://www.youtube.com/@StatsOnStats* https://www.helpnetsecurity.com/2016/05/20/phineas-fisher-records-latest-attack/* https://www.aljazeera.com/news/2016/7/19/turkey-wikileaks-releases-thousands-of-akp-emails* https://securityaffairs.com/49564/hacktivism/erdogan-emails-wikileaks-banned-in-turkey.html* https://github.com/bontchev/wlscrape/blob/master/malware.md* https://hackread.com/wikileaks-turkish-akp-dumps-contain-malware/* https://www.vice.com/en/article/vv77y9/phineas-fisher-sme* https://www.vice.com/en/article/3dpkp3/phineas-fisher-raids* https://www.vice.com/en/article/xy5enw/hacking-teams-phineas-fisher-will-return-but-only-after-a-break-at-the-beach* https://www.vice.com/en/article/ne8p9b/offshore-bank-targeted-phineas-fisher-confirms-hack-cayman-national-bank* https://arstechnica.com/information-technology/2016/05/robin-hood-hacker-rojava-syria-bitcoin-donation/* https://www.vice.com/en/article/qv7y8m/vigilante-hacker-phineas-fisher-denies-working-for-the-russian-government* https://www.vice.com/en/article/yp3n55/phineas-fisher-turkish-government-hack* https://theanarchistlibrary.org/library/subcowmandante-marcos-hack-back* https://theanarchistlibrary.org/library/subcowmandante-marcos-hack-back#fn46* https://securityaffairs.com/49575/hacktivism/phineas-fisher-erdogan-emails.html* https://en.wikipedia.org/wiki/Zeynep_K%C4%B1nac%C4%B1* https://www.themoscowtimes.com/2016/07/21/russia-warned-turkey-about-imminent-coup-a54674 Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

Topics:1. Introduction to PhineasFisher and Hacking Team* A brief recap of part one and its focus on Gamma Group.* Overview of PhineasFisher’s most notorious hack on Hacking Team in 2015.* The hack exposed over 400GB of internal data, shedding light on the company’s shady dealings.2. The Hacking Team Leak* A detailed description of Hacking Team’s activities and their flagship product, Remote Control System (RCS).* Impact of the leaked data, including emails, client lists, and source code.* Hacking Team’s role in supplying spyware to authoritarian regimes and the ethical implications.3. The Global Impact and Reactions* The Italian government’s response: revoking Hacking Team’s export license.* The EU’s reclassification of spyware as dual-use goods, complicating exports.* Media coverage and public reaction, including detailed reports by Citizen Lab and others.4. PhineasFisher’s Tactics and Motivation* Technical aspects of the hack: exploiting vulnerabilities, social engineering, and infrastructure setup.* PhineasFisher’s manifesto: critique of modern hacker culture and the call to use hacking as a tool for justice.* The personal risk and the broader message of fighting against oppression through cyber means.5. Aftermath and Lessons Learned* The fallout for Hacking Team: damaged reputation, loss of business, and increased scrutiny.* The broader implications for the commercial spyware industry and its regulation.* Reflections on the ethical considerations of hacktivism and the ongoing debate about surveillance and privacy.Show Notes* Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy* Cult of the Dead Cow* Stats On Stats Podcast : https://www.youtube.com/@StatsOnStats* Iran and Saudi Arabia History* https://www.wsj.com/articles/SB10001424127887323997004578641993388259674* https://theanarchistlibrary.org/library/hack-back-subcowmandante-marcos-phineas-fisher-hack-back-a-diy-guide-hacking-team* https://dohaherald.com/2023/04/28/buildup-resumed-at-suspected-chinese-military-site-in-uae-leak-says/* https://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers* https://citizenlab.ca/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/* https://en.wikipedia.org/wiki/G%C3%BClen_movement#:~:text=The%20G%C3%BClen%20or%20Hizmet%20movement,G%C3%BClen's%20religious%20discourse%20(oration).* https://www.vice.com/en/article/3k9zzk/hacking-team-hacker-phineas-fisher-has-gotten-away-with-it* https://www.aclu.org/press-releases/government-releases-new-court-opinions-highlighting-further-abuse-of-warrantless-fisa-surveillance-program* https://www.politico.com/news/magazine/2024/02/28/government-buying-your-data-00143742#:~:text=The%20tipster%20told%20Tau%20the,in%20the%20U.S.%20and%20abroad.* https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/* https://www.vice.com/en/article/neavnm/hacking-team-new-owner-starting-from-scratch* https://www.bloomberg.com/news/articles/2012-10-10/spyware-leaves-trail-to-beaten-activist-through-microsoft-flaw* https://www.cbsnews.com/news/is-turkish-religious-scholar-fethullah-gulen-funding-movement-abroad-through-us-charter-schools/* https://www.theguardian.com/technology/2015/jul/11/hacking-team-hack-state-surveillance-human-rights* https://www.vice.com/en/article/n7wbnd/hacking-team-is-dead* https://www.vice.com/en/article/qv7y8m/vigilante-hacker-phineas-fisher-denies-working-for-the-russian-government* https://www.vice.com/en/article/j5d53b/prosecutor-closes-hacking-team-investigation* https://www.vice.com/en/article/j5d53b/prosecutor-closes-hacking-team-investigation Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe