CyberWire Daily

New targets, new tools, same threat. [Research Saturday]


N2K Networks, Inc.

Tech News, News, Daily News, Technology


🗓️ 19 October 2024

⏱️ 26 minutes


Summary

This week we are joined by Chester Wisniewski, Global Field CTO from the Sophos X-Ops team, to discuss their work on "Crimson Palace returns: New Tools, Tactics, and Targets." Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace, targeting Southeast Asian government organizations. After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold. The research can be found here: Crimson Palace returns: New Tools, Tactics, and Targets

Transcript


0:00.0

You're listening to the CyberWire Network, powered by N2K. And now a word from our sponsor,

0:17.0

Security teams face a barrage of more. More security tools create more complexity. More devices need protection. More security

0:23.0

devices need protection,

0:25.0

more specialized focus areas create more silos.

0:29.0

The security landscape is changing fast.

0:32.0

How can security operations transform to meet current threats?

0:36.0

Cortex by Palo Alto Networks consolidates SecOps tools into an integrated platform

0:42.0

and helps organizations stop threats at scale

0:45.0

with AI automation and analytics. Learn more at Palo Alto Networks

0:49.8

dot com slash cortex. Hello.

0:54.0

Hello.

0:55.0

Hello.

0:58.0

Hello, everyone, and welcome to the CyberWire's Research Saturday.

1:08.0

I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,

1:15.6

solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.

1:21.4

Thanks for joining us.

1:23.0

We originally published some research back around the May 2024 time frame called Operation Crimson Palace about some

1:35.6

China threat actor activity targeting a Southeast Asian government. But it turns

1:42.3

out right after we published the research, the threat actor

1:45.7

came back and resumed their activity with some new tools and tactics and even some new

1:50.5

targets that were involved. And so this year we just published kind of a second part of that research

1:56.6

continuing on with what these China-based threat actors were up to and some of

...
