Good morning,

After we took Sunday off we anticipated things would calm down a little. We were wrong. There has been more arrests, the CrowdStrike fire is still burning, and the arguing about CrowdStrike continues.

😭😭😭

> open xitter
> see long winded rants about kernel mode drivers
> see long winded rants about crowdstrike
> see long winded rants about malware

More annoyed at the fact CrowdStrike has brought in a surge of 'experts' than the actual computer damage at this point. We're going to hear idiotic schizophrenic rants for months

The CrowdStrike C-suite LinkedIn apology post tl;dr

Anyway, unless something profoundly dramatic happens, we are no longer going to actively discuss the current CrowdStrike situation. We're fatigued – and various members are combating the fall out in their own way (organizationally, whatever).

tl;dr moving on

Today (or yesterday depending on where you live) the United States House Leaders called CrowdStrike CEO George Kurtz to testify to congress about the recent botched update. According to Microsoft telemetry, CrowdStrike's botched update boot-looped roughly 8,500,000 computers across the globe – including computer operations regarded as critical infrastructure.

No date has been released yet when George Kurtz will testify.

United States Republicans who lead the United States House Homeland Security commitee stated they 'expect answers soon' from Mr. Kurtz.

Additionally, it is reported that the letter sent to Mr. Kurtz by the United States congress states Mr. Kurtz is 'urged' to schedule a hearing with the subcommitee on Cyber Security and Infrastructure Protection by Wednesday, July 24th, 2024.

Information via Reuters, The Associated Press, and The Washington Post

This by far one of the largest oopsies in cybersecurity history. We can't recall a moment where a vendor caused this much damage... ever. We're aware of instances where updates corrupted something, but nothing on this scale.

They'll probably talk about this in history books.

Remember when Shou Zi Chew, the CEO of TikTok, testified before the United States congress and they grilled him on questions about WiFi or TikTok monitoring IOT devices?

Imagine the CEO of CrowdStrike having to explain an EDR to the United States Congress 😂😂😂😂

20 years from now someone is going to write a book about the CrowdStrike disaster. People new to cybersecurity are going to be amazed by it.

The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way through the entire thing

There is a REAL WORLD CHANCE your shitty memes could be in a history book 😭😭😭😭😭

Damn why they cookin us 😭😭😭

Updates to vx-underground:

Papers:
- 2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia
- 2024-04-09 - Unraveling Not AZORult but Koi Loader- A Precursor to Koi Stealer
- 2024-05-21 - Phobos ransomware launches new leak site and pivots towards double extortion
- 2024-06-05 - European Election Security At Risk- A Detailed Analysis of State-Sponsored, eCrime, and Hacktivist Threats

Malware family updates:
- Poseidon
- ChChes
- SageRansomware
- Shifu
- SnakeKeylogger
- FakeBat
- Mirai
- LummaStealer
- Android.Rootnik
- FinSpy
- Latrodectus
- NeutrinoBot
- KematianStealer
- EyePyramid
- FormBook

Bulk downloads:
- VirusSign.2024.07.20
- VirusSign.2024.07.21
- VirusSign.2024.07.22
- VirusSign.2024.07.23

Some media outlets are reporting a compromise (and leak) of Leidos – a large IT service provider for the United States Pentagon.

Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.

¯\_(ツ)_/¯

EDIT: It was posted on Breached on Sunday. We don't internet on Sundays

Yesterday KnowBe4 disclosed a cyber-security-incident where a North Korean national successfully infiltrated KnowBe4 ... by applying for a job there, interviewing, and getting hired.

Their blog post highlights North Korean identity fraud techniques.

https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us

Unironically, in the past vx-underground members have had difficulties passing background checks because of the amount of information required – in-depth job history, birth certificate, other forms of government identification, etc.

Yet North Korea passes it first try 😭😭😭😭

Yesterday Dragos unveiled 'FrostyGoop' an ICS (Industrial Control System) malware suspected to be developed by Russia's infamous sandworm team.

FrostyGoop successfully shut off the electricity of 600 apartment buildings in the midst of sub-zero temperatures (sub -17C temperatures) in January, 2024. It took Ukrainian officials almost 2 days to restore electricity of individuals impacted by FrostyGoop.

Dragos successfully identified the payload April, 2024.

This is the 9th ICS specific malware in history. This sort of malware is exceptionally rare, exceptionally difficult to develop, exceptionally difficult to test, and exceptionally difficult to deploy.

We do not have any malware samples for this payload. If one of you have this malware sample and would be willing to donate it to us, please do.

Check out the intelligence brief here:
https://vx-underground.org/APTs/2024/2024.07.24%20-%20FrostyGoop%20Intel%20Brief

404media is reporting Reddit is blocking ALL search engine crawls EXCEPT Google – which is currently paying $60,000,000/year for the right to scrape Reddit for AI training data.

More information:
https://www.404media.co/google-is-the-only-search-engine-that-works-on-reddit-now-thanks-to-ai-deal/