Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Australia expels Iranian ambassador
• Hackers sabotage Iranian shipping satcoms
• APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK?
• Trail of Bits uses image-downscaling to sneak prompts into Google Gemini
• The Com’s King Bob gets ten years in the slammer
• It’s a day that ends in -y, so of course there’s a new Citrix Netscaler RCE being used in the wild.

This week’s episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they’ve been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please.

This episode is also available on Youtube.

• Embassy staff flee Canberra in dead of night | news.com.au — Australia’s leading news site for latest headlines
• Swedish security service says Iran uses criminal networks in Sweden | Reuters
• Risky Bulletin: Hackers sabotage Iranian ships at sea, again - Risky Business Media
• Microsoft scales back Chinese access to cyber early warning system | Reuters
• Microsoft Didn’t Disclose Key Details to U.S. Officials of China-Based Engineers, Record Shows — ProPublica
• .:: Phrack Magazine ::.
• Uncovering the Chinese Proxy Service Used in APT Campaigns
• Weaponizing image scaling against production AI systems -The Trail of Bits Blog
• FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations | Cybersecurity Dive
• CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop
• Kevin Beaumont: "There’s a bunch of new Netscal…" - Cyberplace
• US charges Oregon man in vast botnet-for-hire operation | Cybersecurity Dive
• South Korea arrests suspected Chinese hacker accused of targeting BTS singer and other celebrities | The Record from Recorded Future News
• SIM-Swapper, Scattered Spider Hacker Gets 10 Years – Krebs on Security
• Chinese national who sabotaged Ohio company’s systems handed four-year jail stint | The Record from Recorded Future News
• Nevada state offices close after wide-ranging 'network security incident' | Reuters
• DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security
• Russia weighs Google Meet ban as part of foreign tech crackdown | The Record from Recorded Future News
• Kremlin-Mandated Messaging App Max Is Designed To Spy On Users
• Иеромонах РПЦ Макарий призвал помолиться за мессенджер MAX