The North Korean Lazarus group is running multiple high-risk campaigns: one exploiting Windows and another installing malware through fraudulent blockchain job offers.

State of Cybercrime hosts Matt Radolec and David Gibson discuss the various APT groups, including a prolific ransomware-as-a-service operation and a Chinese cyber espionage gang known as Volt Typhoon, and other vulnerable vulnerabilities in this episode, including:

+ Lazarus FudModule rootkit attacks and the concurrent Eager Crypto Beavers campaign

+ RansomHub attacks on Halliburton, Change Healthcare, and hundreds more

+ Large-scale extortion of AWS environments through exposed ENV files

+ Hundreds of exposed servers from Volt Typhoon’s ISP targeting

+ Payment gateway breach of over 1.7 million credit card owners

Matt Radolec and David Gibson discuss how an unknown attacker recently exploited a vulnerability in Proofpoint’s email routing system, allowing them to bypass security measures and send millions of spoofed emails on behalf of major companies.

The co-hosts also cover:

+ The North Korean threat actor hired using AI

+ The biggest ransomware payment ever made

+ How X is training its Grok AI LLM with your posts

+ The EU’s groundbreaking AI act

+ How anyone can access deleted and private repositories on GitHub

+ Updates on AMD's silicon-level "SinkClose" processor flaw

In this episode of State of Cybercrime, co-hosts Matthew Radolec and David Gibson dive into the details around LockBit, and cover other news including:

+ The MOVEit authentication bypass flaw

+ Developments in the Polyfill supply chain attack affecting millions of websites

+ Updates on the targeted campaign against Snowflake

+A massive insider breach of a Pennsylvania healthcare system

+ Two new attack methods threat actors are adopting

+ The new OpenSSH unauthenticated RCE vuln that gives root privileges to + Linux systems