Hello and welcome to the Thursday, May 25th, 2023 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Jesse today wrote a diary expanding his cowrie processor tools. It's a Python script that Jesse, I think, originally

developed actually while he was still one of our undergraduate interns. We do use a

carri as part of this program. So one of the questions always comes up is, how do you find

interesting logs? In this particular case, of course, one thing that helps is if you can easily attach

various external data to your logs, and that's what Jesse's script does.

He expanded it now even further, added additional details to it, and has some sort of interesting

little samples to show you what the tool can do is part of this latest diary. So great for

everybody who is using Cowrie and is looking for more efficient ways to look through the logs.

And then you have yet another big announcement from a number of cyber security agencies in different countries in the US here.

For example, the NSA was part of it, but also Australia, Canada, UK and others have taken part in this,

and they assigned the name Walt Typhoon to this particular activity.

Now, whenever you read one of these bulletins, of course, they are describing fairly sophisticated

techniques that were found to be used in very specific cases.

I believe here attacks against power system in Guam, if I got it correctly.

The way you should really read them is look for any of the techniques being described here.

And there's a lot about the use of Living of the Land tools, for example,

but also the use of compromised home routers again.

And try to figure out if you would be able to detect a similar activity in your network.

Because what may happen soon is that you'll see

these techniques being used, for example, by cybercriminals, ransomware gangs and such,

...