The CyberWire Daily Briefing

"Anatsa Banking Trojan gets new capabilities, 3rd party risk, cyberattack hits Canadian gas stations."

Views expressed in this cybersecurity, cybercrime, cyber espionage update are those of the reporters and correspondents.  Accessed on 27 June 2023, 1934 UTC.  Content provided by email subscription to "The CyberWire Daily Briefing."

Source: ("The CyberWire Daily Briefing").


Russ Roberts (


Daily Briefing

June 27, 2023.



At a glance.

  • Anatsa Trojan's new capabilities.
  • Airlines report employee data stolen in a third-party breach.
  • Canadian energy company SUNCOR reports a cyberattack.
  • What of the Internet Research Agency?
  • Microsoft warns of a rising threat to infrastructure.
  • DDoS grows more sophisticated.

Anatsa Trojan's new capabilities.

The Android banking Trojan Anatsa has expanded its targeting to new banks in the US, the UK, and Germany, according to researchers at ThreatFabric. Anatsa is delivered via malicious apps in the Google Play Store, and it’s been downloaded more than 30,000 times during the present, ongoing campaign. “Once the device is infected, Anatsa is able to collect sensitive information (credentials, credit card details, balance, and payment information) via overlay attacks and keylogging,” ThreatFabric says. “This information will be later used by the criminals to perform fraud. Anatsa provides them with the capability to perform Device-Takeover Fraud (DTO), which then leads to performing actions (transactions) on the victim’s behalf. Since transactions are initiated from the same device that targeted bank customers regularly use, it has been reported that is very challenging for banking anti-fraud systems to detect it.”


Airlines report employee data stolen in a third-party breach.

A month and a half after learning of a data breach involving their employees, American Airlines and Southwest Airlines have determined that the incident originated with a third-party vendor, Pilot Credentials, which both companies used. In a statement sent to employees, American Airlines explained that they had learned about an incident that occurred on May 3rd, 2023, and subsequently launched an investigation. “According to the third-party vendor (pilotcredintials[.]com), an unauthorized actor accessed the third-party vendor’s systems on or around April 30, 2023 and obtained certain files provided by some pilot and cadet applicants during our hiring process,” the airline wrote. The airline further explained that names, social security numbers, driver license numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued IDs were potentially taken. It’s offering two years of IdentityWorks’ identity-monitoring service to all who were affected. BleepingComputer writes that 5,745 personnel were affected by the breach. 

Southwest issued a similar disclosure. On June 23rd the office of Maine’s Attorney General released a data breach notification for residents affected by the Southwest Airlines breach that put the tally of people affected at 3,009. Southwest is offering a two-year Equifax credit-monitoring program to affected individuals.


Canadian energy company SUNCOR reports a cyberattack.

Sunday, June 25th, the Canadian energy company SUNCOR disclosed that it was the victim of a cyber attack. “Suncor (TSX: SU) (NYSE: SU) has experienced a cyber security incident. The company is taking measures and working with third-party experts to investigate and resolve the situation, and has notified appropriate authorities.” The company hadn’t found any evidence that data regarding customers, suppliers, or employees were affected. Bleeping Computer reports that the company, on Monday, warned users that they might be unable to log into their accounts, and that there was an ongoing issue with customers’ ability to accrue rewards points. As of last Friday, many customers were tweeting that “it is currently impossible to pay with credit/debit cards at Petro-Canada stations, leaving cash as the only option.” The company’s car-wash season passes also seem to have been affected. Reuters sought more information from the authorities, but there was little on offer: “The Canadian Centre for Cyber Security had earlier said it was aware of reports of an incident affecting Petro-Canada but said it did not generally comment on ‘specific cybersecurity incidents.’”


What of the Internet Research Agency?

The Wagner Group isn't the only private enterprise that furnishes deniable support to Russian policy, POLITICO reminds its readers. There's also Mr. Prigozhin's Internet Research Agency, the notorious St. Petersburg troll farm that drew widespread attention for retailing disinformation aimed at influencing elections in the US and elsewhere. How it will fare in the aftermath of its corporate sister's mutiny remains unclear. "The Russian oligarch’s empire reaches far beyond a paramilitary mercenary group to also include “troll factories” used to spread Russian propaganda," POLITICO writes. "Prigozhin has claimed on Telegram to have founded the U.S.-sanctioned Internet Research Agency, and on another occasion said he has interfered in U.S. presidential elections through the spread of disinformation." In any case, the mutiny's sequelae can be expected to include heavy influence operations, directed for the most part at Russian opinion.

The Intercept offers a brief history of Mr. Prigozhin's experience in this regard. Much of his organizations' activity shades into marketing, particularly in the African countries where his forces remain active. Lawfare yesterday blogged an assessment of how effective the Internet Research Agency has actually been. The group's influence has been easy to overestimate, but it can't be written off, either. The troll farm remains in business.

Microsoft warns of a rising threat to infrastructure.

Yesterday Microsoft offered an appreciation of Russia's likely courses of action in the cyber phase of its war against Ukraine. "This what we are experiencing now has become a hybrid war – both a kinetic and digital. The recent and ongoing cyberattacks have been precisely targeted, with the aim to bring down Ukraine’s economy and government. Microsoft Digital Defense Report showed that the number of cyberattacks targeting critical infrastructure had grown significantly. The level of sophistication of cyberattacks is permanently evolving." The continuing convergence of IT and OT networks represents an increasing risk, especially given the relative "fragmentation" and impoverished security of operational technology. "Microsoft identified unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer Operational Technology (OT) networks." The company's report concludes with a set of recommendations that provide organizations with an eight-step approach to improving infrastructure security.

"The equivalent of a cave man with a club" (but getting more dangerous).

One of the experts cited by the Washington Post in a story on the growing sophistication of distributed denial-of-service (DDoS) attacks made the Alley-Oop comparison, and indeed DDoS has for some time been both a commodified nuisance and one of the defining features of Russia's cyber campaign against countries sympathetic to Ukraine. “In the world of cybersecurity threats, it’s sort of the equivalent of a cave man with a club,” Cloudflare CEO and co-founder Matthew Prince told the Post. “It’s not particularly sophisticated, but can obviously do a lot of damage. … What we have seen is that the clubs continue to get bigger, and the cave men have gone from knocking down your website, which is embarrassing but may not be all that harmful, to now going after what can be much more critical.” Attacks against the Domain Name System (DNS attacks) and layer 7 attacks (which hit the application layer of a network). The newly emergent sophistication isn't confined to Russia's cyber auxiliaries, but it can be expected to manifest itself in that quarter.




Today's issue includes events affecting Australia, Belarus, Canada, Croatia, Germany, Hungary, Israel, Russia, Spain, Ukraine, the United Kingdom, and the United States.




Dateline: Russia's hybrid war against Ukraine.

Ukraine at D+488: Join the Army or go to Belarus. Or just go home. (CyberWire) As the mutiny sorts itself out, influence operations seek to reach a domestic Russian audience.

Russia's hybrid war against Ukraine: lessons learned. (CyberWire) A brief retrospective on operations in cyberspace during Russia's hybrid war to date.

Russia-Ukraine war: List of key events, day 489 (Al Jazeera) As the war enters its 489th day, these are the main developments.


Attacks, Threats, and Vulnerabilities

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks (The Hacker News) New cyber espionage threat! Chinese group Volt Typhoon, aka Bronze Silhouette, employs advanced ...

China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (Dark Reading) A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve ...

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks (Security Affairs) China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to ...


Security Patches, Mitigations, and Software Updates

Grafana security release for CVE-2023-3128 (Grafana Labs) Today we are releasing Grafana 10.0.1, 9.5.5, 9.4.13, 9.3.16, 9.2.20 and 8.5.27, which include a ...


Hackers’ Favorite Victims: Who Are They and Why Are They at Risk? (MUO) Anyone can be hit by hackers, but who do cybercriminals target more than most and why?

Aqua Nautilus Research Finds 1,400% Surge in Memory-Based Attacks as Hackers Evade Traditional Cloud Security Defenses (GlobeNewswire News Room) Based on analysis of 700K real-world attacks, the report provides insight into threat actors’ ...

Postman’s 2023 State of the API Report Reveals APIs as Key Revenue Generators (Business Wire) World’s largest survey of more than 40,000 developers and API professionals finds API monetization, ...



Cyera Secures $100 Million Series B Investment to Become the Data Security Platform Enabling the AI Revolution (PR Newswire) Cyera, the data security company, today announced a $100 million Series B investment led by Accel ...

How Israel invested in spyware at heart of Greek scandal, EU inquiry (Haaretz) Six years ago, the state-owned defense contractor Israel Aerospace Industries (IAI) announced it was ...

SAIC Wins $1.3B Treasury Cloud Contract (WashingtonExec) Bob Genter, SAIC Science Applications International Corp. has won a $1.3 billion single-source ...


Products, Services, and Solutions

KnowBe4 Launches Children’s Interactive Activity Kit To Help Teach Cybersecurity Skills (KnowBe4) KnowBe4 Launches Children’s Interactive Activity Kit To Help Teach Cybersecurity Skills

Jscrambler launches free tool for compliance PCI DSS v4 (Jscrambler) Jscrambler is launching a free tool for faster compliance with new PCI DSS v4.0 e-skimming ...

SentinelOne Secures India’s Food Supply (Business Wire) Nation’s premier agritech business leverages company’s autonomous security platform to shield supply ...


Technologies, Techniques, and Standards

CISA Releases Cloud Services Guidance and Resources (Cybersecurity and Infrastructure Security Agency) Final guidance and resources help agencies adopt necessary security and resilience best practices ...

Introducing OWASP CycloneDX v1.5: Advanced Bill of Materials Standard Empowering Transparency, Security, and Compliance (CycloneDX) OWASP, the Open Worldwide Application Security Project, is proud to announce the launch of OWASP ...

FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (PR Newswire) Passkeys are a game changer for signing in to online services and apps, providing phishing-resistant ...


Design and Innovation

Google DeepMind CEO Demis Hassabis Says Its Next Algorithm Will Eclipse ChatGPT (WIRED) The company is working on a system called Gemini that will draw on techniques that powered AlphaGo ...

WithSecure aims to make security more sustainable (News Powered by Cision) The company’s W/Sustainability program includes green coding initiative to lower energy consumed by

Research and Development

DARPA Sets Proposers Day for Intelligent Generation of Tools for Security Program (ExecutiveBiz) Looking for the latest Government Contracting News? Check out our story: DARPA Sets Proposers Day ...

DARPA launches INGOTS program (Intelligence Community News) DARPA’s Intelligent Generation of Tools for Security (INGOTS) program aims to identify and fix ...


UWF receives top honor for cybersecurity community outreach initiatives (University of West Florida Newsroom) The University of West Florida received the National Centers of Academic Excellence in Cybersecurity ...

Legislation, Policy, and Regulation

The Race to Regulate Artificial Intelligence (Foreign Affairs) Why Europe has an edge over America and China.

US goading Japan to up its cybersecurity game (Asia Times) Prime Minister Fumio Kishida’s administration hopes to raise Japan’s poor cybersecurity performance ...

The US Senate Wants to Rein In AI. Good Luck With That (WIRED) With a poor track record on tech regulation, do lawmakers stand a chance?


Litigation, Investigation, and Law Enforcement

Israel's Shin Bet spy service uses generative AI to thwart threats (Reuters) Israel's Shin Bet security service has incorporated artificial intelligence into its tradecraft and ...

SolarWinds says SEC investigation ‘progressing to charges’ () SolarWinds — the technology firm at the center of a December 2020 hack that affected multiple U.S. ...

UK hacker busted in Spain gets 5 years over Twitter hack and more (Naked Security) Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too…




Copyright © 2023, CyberWire Inc. Views and assertions of the various sources cited, Selected Reading articles, and images are those of the authors and artists, not the CyberWire, Inc.


