Hi, I'm Ryan Levy.

Welcome to Cyber reasons Malicious Life. 15 years ago a number of high-profile Tibetan monks received the same innocent seeming

nondescript email.

Yes, monks sometimes have email.

Those who clicked the attached dock or PDF files now loaded a Trojan

horse which often led to a second malware, Ghost Rat. Ghost Rat undpend the Ghost Net operation we discussed on this podcast a couple of years back, in which China

spied on economic, political and media targets in over 100 countries.

It worked by taking advantage of vulnerabilities in Microsoft Office and Adobe Acrobat,

often flying under the radar, but sometimes causing a flash on screen or outright

crashing an application.

The result, though, was powerful, enabling China to download further malware, steal documents, or simply spy on their targets

via their keyboards, microphones, and webcams. camps.

This generally is how most of us think of hacking. An infection vector, usually simple social engineering, followed by different stages of malware, which allow

an attacker to establish persistence, move laterally, and cause further actions in a host computer or network.

In recent years, though, hacking has started to not look like this in some meaningful ways.

Cyber attackers, particularly the most advanced nation-state level

APTs, have made a characteristic shift in their tactics. Their new favorite strategy is changing the ballgame not just for them, but for their

victims and the people trying to defend those victims. To demonstrate, we're going to focus on one recent case study.

The origin story for us goes back to August of 2021, where there was disclosure on an attack on in a port in Houston.

John Lambert is a security fellow and corporate vice president at Microsoft who founded the Microsoft Threat Intelligence team.

Two years ago his threat research operation was called in to analyze the forensic data

left over from a cyber attack against a port.

...