ESET Research podcast

When describing state-backed threat actors, one would probably expect a super sophisticated, stealthy, group that can avoid all alarms and defenses with surgical precision. With Gamaredon, most of that goes out the window as this is one noisy, extremely active Russia-aligned group that does not care if defenders uncover its activities. However, it is also an actor that develops and improves its cyberespionage tools and techniques literally every day. If you want to know more about Gamaredon’s modus operandi, victimology, tooling, or estimated geolocation, then listen to the debate of ESET Researchers Robert Lipovský and Zoltán Rusnák. For full details, read more in ESET’s recently published white paper on WeLiveSecurity.com.
Host
Aryeh Goretsky, ESET Distinguished Researcher
Guests:
Robert Lipovský, ESET Principal Malware Researcher
Zoltán Rusnák, ESET Senior Malware Researcher
Materials:
ESET blogpost on Gamaredon activity in 2022 and 2023
ESET white paper on Gamaredon activity in 2022 and 2023
SSU report on activities of Gamaredon

Some cybercriminals are sophisticated, cooperate with other attackers, and do everything to stay under the radar. Then there are threat actors like CosmicBeetle that lack the necessary skills set, yet still manage to compromise systems and even achieve “stealth” by using odd, impractical and overcomplicated techniques. If you want to know more about this crude and clumsy actor, listen to ESET senior malware researcher Jakub Souček talk about his research findings with our host Distinguished Researcher Aryeh Goretsky. For a detailed report on CosmicBeetle visit WeLiveSecurity.com.
Host
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Jakub Souček, ESET senior Malware Researcher
Materials:
CosmicBeetle steps up: Probation period at RansomHub

Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability. ESET malware researcher Lukáš Štefanko ran into such an exploit – which ESET named EvilVideo – being sold online. In the discussion with our podcast host ESET Distinguished Researcher Aryeh Goretsky, Štefanko describes the findings of his analysis, including which platforms were affected, what malware can be bundled with EvilVideo, and how Telegram developers reacted when ESET reached out to report the vulnerability. If you want to read more about EvilVideo or our other research findings, head to WeLiveSecurity.com.
Host
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Lukáš Štefanko, ESET Malware Researcher
Materials:
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
PS: For those of our listeners who are attending the 2024 ESET Technology Conference and playing along with our game of capture the flag, the flag for the CTF challenge named “Radio Broadcast” is: podcasts_are_new_books.

In this episode, ESET Distinguished Researcher Aryeh Goretsky and his guest ESET Principal Threat Intelligence Researcher Robert Lipovsky detail recently discovered unusual adware called HotPage. This trojan caught attention of researchers by using a Microsoft-signed, yet vulnerable, kernel driver to inject and manipulate what victims see in their browsers. With its advanced technical means and targeting of Chinese internet cafes and gamers, it shows that even adware creators can invest extra time and effort to innovate their malicious products.
 
Host
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Robert Lipovsky, ESET Principal Threat Intelligence Researcher
Materials:
HotPage: Story of a signed, vulnerable, ad-injecting driver

The I-SOON data leak has allowed us to identify FishMonger, a group notorious for the cyberattacks against Hong Kong universities back in 2019, as I-SOON. This contractor also developed a platform for tracking gambling activity, linking the group to Operation ChattyGoblin. MustangPanda conducted a series of attacks on cargo shipping companies in Norway, Greece, and the Netherlands, even compromising the ships’ systems. Since the Hamas-led attack on Israel in 2023, Iran-aligned groups have shifted focus to impact attacks. Visit WeLiveSecurity to read about other topics covered in the the latest ESET APT Activity Report.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Robert Lipovský, ESET Principal Malware Researcher
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports

In 2023, ESET detected over 675,000 attempts to access malicious domains abusing the popularity of ChatGPT; some offer bring-your-own-key web apps that can steal OpenAI API keys. Apart from AI, in H2 the Cl0p ransomware gang exploited MOVEit software, causing a staggering $14 billion in damages. The IoT landscape faced the new Pandora botnet, compromising Android devices via malicious firmware updates or pirated content apps. Of course, this podcast episode can only cover so much of the latest ESET Threat Report H2 2023. Visit WeLiveSecurity to read about other topics it covers.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: René Holt, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports

In this episode, ESET researchers Radek Jizba and Jakub Souček talk about the dynamics within and between various Neanderthal groups, the techniques that this horde of scammers uses to find the best Mammoths, and especially about Neanderthals teaching each other how to wield the cybercriminal tool Telekopye effectively. While this might seem like an odd topic for a podcast about cybersecurity, quite the contrary. Telekopye is the name of a highly automated malicious toolkit implemented as a Telegram bot, that cybercriminals use to deceive unsuspecting users on online marketplaces. If you want to read more before listening, head to the research articles published on WeLiveSecurity.com.
Host
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Radek Jizba, ESET Malware Researcher
Jakub Souček, ESET Malware Researcher
Materials:
Telekopye: Hunting Mammoths using Telegram bot
Telekopye: Chamber of Neanderthals’ secrets

In H1 2023, intrusion vectors were closing left and right. This forced many cybercriminals to search for alternative ways to compromise devices of their victims. While some of the attackers tried revisiting old routes such as brute-forcing MS SQL servers or distributing (AI-generated?) sextortion and text-based email messages, others kickstarted several Android apps running usury schemes. But there’s also good news. Emotet botnet went quiet after a month of dwindling and ineffective campaigning, and Redline stealer – a notorious malware-as-a-service – has been disrupted by ESET researchers and their friends at Flare systems. Of course, this podcast episode can only cover so much of the ESET Threat report. If you wish to learn about other topics it covers, visit WeLiveSecurity.
Discussed: Sextortion and text-based threats 1:46, brute force attacks on MS SQL servers 7:10, usury Android apps 9:20, Emotet activity 13:25, RedLine Stealer disruption 16:45.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Ondrej Kubovic, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports