Available Episodes
Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.
Anonymous Sudan responds to remarks from the US Secretary of State by targeting Lyft and American hospitals. NSA releases an advisory on North Korean spearphishing campaigns. The US government’s Moonlighter satellite will test cybersecurity in orbit. "Operation Triangulation" offers an occasion for Russia to move closer to IT independence. The SEC drops cases over improper access to Adjudication Memoranda. Executives and board members are easy targets for threat actors trolling for sensitive information. Rick Howard targets Zero Trust. The FBI’s Deputy Assistant Director for Cyber Cynthia Kaiser shares trends from the IC3 Annual Report. And KillNet seems to say it's disbanding…or is it?
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/107
Selected reading.
U.S. Measures in Response to the Crisis in Sudan (US Department of State)
U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence (US National Security Agency)
North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media (Joint Cybersecurity Advisory)
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency)
CVE-2023-34362 Detail (National Institute of Standards and Technology)
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (Mandiant)
SpaceX launch sends upgraded solar arrays to International Space Station (Spaceflight Now)
Moonlighter Fact Sheet (The Aerospace Corporation)
Uncle Sam wants DEF CON hackers to pwn this Moonlighter satellite in space (The Register)
Russia wants 2 million phones with home-grown Aurora OS for use by officials (The Record)
Russia accuses U.S. of hacking thousands of iPhones (Axios)
Operation Triangulation: iOS devices targeted with previously unknown malware (Kaspersky)
Operation Triangulation: Mysterious attack on iPhones (ComputerBild)
Killnet hacktivists say they’re disbanding (Cybernews)
Second Commission Statement Relating to Certain Administrative Adjudications (US Securities and Exchange Commission)
Ponemon: Understanding the Serious Risks to Executives’ Personal Cybersecurity & Digital Lives (BlackCloak)
6/5/2023
25:27
Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]
Galit Lubetzky Sharon, Co-Founder and CTO of Wing Security, sits down to share her story and how years in the business led her to where she is now. Galit shares her insights from her experiences co-founding her company and bringing it out of stealth mode in early 2022, including why she saw the need for Wing Security and what lessons she learned in the process of founding and launching the company. Starting her career as a Colonel in the 8200 Unit gives her a unique perspective on the cyber industry. Galit also shares what she does when things get stressful to calm down in the moment and clear her head. She says "I think it's very important to do things that you love. It should be something that you come and you bring yourself and your passion and, uh, finding yourself the occupation, the chores, the, the tasks that you love to do brings the, the best out of you." We thank Galit for sharing her story with us.
6/4/2023
9:17
Lancefly screams bloody Merdoor.
Brigid O Gorman from Symantec joins Dave to discuss their research, "Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors." Researchers discovered in 2020 that Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, education, and telecoms organizations in South and Southeast Asia.
The research states "The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted." This targeting, though observed in some activity in 2020 and 2021, started in 2022 and has continued into 2023.
The research can be found here:
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
6/3/2023
16:36
Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.
MOVEit Transfer software sees exploitation. A website skimmer has been employed against targets in the Americas and Europe. A look into XeGroup's recent criminal activity. Apple denies the FSB’s allegations of collusion with NSA. Kaspersky investigates compromised devices. Johannes Ullrich from SANS describes phony YouTube "live streams". Our guest is Sherry Huang from the William and Flora Hewlett Foundation to discuss their grants funding cyber policy studies. And the US Department of Defense provides Starlink services to Ukraine.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/106
Selected reading.
MOVEit Transfer Critical Vulnerability (May 2023) (Progress Software)
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability (Rapid7)
New MOVEit Transfer zero-day mass-exploited in data theft attacks (BleepingComputer)
Hackers use flaw in popular file transfer tool to steal data, researchers say (Reuters)
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others (Akamai)
Not your average Joe: An analysis of the XeGroup’s attack techniques (Menlo Security)
Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin (The Hacker News)
Apple denies surveillance claims made by Russia's FSB (Reuters)
FSB uncovers US intelligence operation via malware on Apple mobile phones (TASS)
Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own (WIRED)
Operation Triangulation: iOS devices targeted with previously unknown malware (Kaspersky)
Lithuania becomes first to designate Russia as terrorist state (CSCE)
Pentagon confirms SpaceX deal for Ukraine Starlink services (C4ISRNET)
6/2/2023
30:16
Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.
A backdoor-like issue has been found in Gigabyte firmware. A credential harvesting campaign impersonates Adobe. The Dark Pink gang is active in southeastern Asia. Mitiga discovers a “significant forensic discrepancy” in Google Drive. "Spyboy" is for sale in the C2C market. A look at Cuba ransomware. Ukrainian hacktivists target the Skolkovo Foundation. The FSB says NSA breached iPhones in Russia. Carole Theriault examines Utah's social media bills aimed at kids online. Our guest is Tucker Callaway of Mezmo to discuss the rise of telemetry pipelines. And spoofing positions and evading sanctions.
For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/105
Selected reading.
Supply Chain Risk from Gigabyte App Center backdoor (Eclypsium)
Ado-be-gone: Armorblox Stops Adobe Impersonation Attack (Armorblox)
Dark Pink back with a bang: 5 new organizations in 3 countries added to victim list (Group-IB)
Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign (CyberScoop)
Suspected State-Backed Hackers Hit Series of New Targets in Europe, SE Asia (Insurance Journal)
Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive (Mitiga)
2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online (Reddit)
An In-Depth Look at Cuba Ransomware (Avertium)
Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access (The Record)
Russia says U.S. accessed thousands of Apple phones in spy plot (Reuters)
Fake Signals and American Insurance: How a Dark Fleet Moves Russian Oil (The New York Times)
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.