“We’ve traced the call… it’s coming from inside the house.”

Source: The 1979 Movie “When a Stranger Calls”.

Sharing a couple of recent case studies on how sophisticated bad actors are systematically infiltrating the networks of target organisations. These case studies are just as scary as any horror movie.

There has been recent press coverage (refer to CNN & CNBC articles) on ongoing attacks on Microsoft systems by the hacking group Midnight Blizzard. In a recent edition of the Risky Business Soap Box podcast series, Andy Robbins from SpecterOps, talks with Patrick Gray on the methodology he believes was used to initially penetrate Microsoft. Patrick Gray & Tom Uren also discuss the ongoing challenges for Microsoft in Srsly Risky Biz.

In the February 8th, 2024 edition of The Record, Jonathon Greig has an excellent article on how the Volt Typhoon hacking group are believed to be pre-positioning themselves for disruptive attacks on critical infrastructure. The article is based on a recent report by CISA (Cybersecurity and Infrastructure Security Agency), the NSA and the FBI.