Multiple Actors, One Breach - Rethinking Threat Models in 2025
In this episode, Julien sits down with Chi En (Ashley) Shen, a distinguished threat researcher at Cisco Talos. Ashley shares her fascinating journey from hacking forums in Taiwan to leading threat intelligence at global giants like Google and Mandiant. Together, they explore the rising trend of compartmentalized cyberattacks, the evolving role of Initial Access Brokers (IABs), and Ashley’s proposed enhancements to the Diamond Model. The episode also dives into her work promoting diversity in cybersecurity through initiatives like HITCON Girls and Raclette.Links:Ashley on BlueskyAshley’s podcast Hacks Between Us (我們之間的駭)Blog article: Redefining IABs: Impacts of compartmentalization on threat tracking and modelingDiamond ModelHITCON GirlsRaclette Switzerland (Cybersecurity Community)Ashley’s upcoming talk at Black Hat USA
--------
36:59
--------
36:59
Operation Crimson Palace
On this episode, Mark Parsons, Senior Threat Hunter at Sophos MDR, discusses his team's investigation into Operation Crimson Palace, which uncovered Chinese state-sponsored cyberespionage targeting a Southeast Asian government. Mark explains how they identified three distinct clusters of activity using advanced malware and evasion techniques, including previously unreported tools like CCoreDoor and PocoProxy. Show NotesOperation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian governmentSurfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign Against a Foreign GovernmentCrimson Palace returns: New Tools, Tactics, and Targets
--------
42:39
--------
42:39
Doppelgänger
In this episode of Malspace, Pierre Delcher, Head of Cyber Threat Research at HarfangLab, discusses the alarming rise of Russian disinformation campaigns targeting European and US media. We explore how cloned websites of outlets like Der Spiegel, Le Monde, and The Washington Post are being used to spread fake news, manipulating public opinion. Pierre sheds light on the techniques behind these operations and the role European companies play in keeping them online.
Show Notes
EU Disinfo Lab on Doppelgänger
Qurium - Under the hood of a Doppelgänger
Correctiv - How Russia uses EU companies for its propaganda
BayLfV report (German)
Mid-year Doppelgänger information operations in Europe and the US
--------
49:58
--------
49:58
The Darkside of TheMoon
On this episode, Chris Formosa and Steve Rudd of Lumen’s Black Lotus Labs share their research on a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated version of TheMoon malware. TheMoon, which emerged in 2014, has been operating quietly, while growing to over 40,000 bots from 88 countries in January and February of 2024.
Show Notes
Darkside of TheMoon Blog Article
Giving a Face to the Malware Proxy Service Faceless
IOCs on Github
BSides Las Vegas Talk
--------
33:47
--------
33:47
Vertex Project´s Journey and the APT1 Report´s Legacy
In this special episode of Malspace, we celebrate the 8th anniversary of the Vertex Project and the 11th anniversary of the APT1 report release together with Visi Stark himself. Join us for fascinating anecdotes, insights, and a forward-looking discussion on the future of threat intelligence.
Show Notes
Visi Stark
Vertex Project
Vertex Project´s 8 Year Anniversary
APT1 Report
PLA - People's Liberation Army
Vivisect
NCAJTF
Airforce OSI
UNC
Listen to Malspace, The AI Daily Brief (Formerly The AI Breakdown): Artificial Intelligence News and Analysis and many other podcasts from around the world with the radio.net app
UK