Modern adversaries are relentless. Today’s threat actors target organizations around the world with sophisticated cyberattacks. Who are they? What are they afte...
It has been another busy year for defenders and adversaries alike. As we wrap up 2024, Adam and Cristian reflect on the nation-state and eCrime threat activity that defined this year and what they expect as we head into 2025.
Tune in to hear their observations on changing eCrime activity in Latin America, Chinese adversaries evolving their tactics and targeting telecommunications entities, the disruption of eCrime operations in the United States and more. And of course, you’ll hear the stories and context behind how these events unfolded and how we got to where we are today.
Thank you to our listeners for all your support this year. We appreciate you sharing feedback and topics you’d like to hear on the show. As we plan for 2025, we anticipate another year of in-depth conversations, adversary insight and guest perspectives on the Adversary Universe podcast. Happy holidays!
--------
33:01
Cross-Domain Attacks: Know Them, Find Them, Stop Them
Adversaries have realized their time-honored attack methods involving clunky malware and malicious attachments are no longer working, largely due to endpoint detection and response tools alerting security teams to their activity. To improve their success rate, many are turning to cross-domain attacks.
Cross-domain attacks span multiple domains within an organization’s environment; namely, identity, endpoint and cloud. An adversary most often starts with a set of stolen credentials, which allows them to log in and operate under the guise of a legitimate employee. From there, they might target the cloud control plane to access more accounts or pivot to unmanaged devices. All the while, they move silently, achieving their goals without triggering alarms.
“The adversaries have really figured out how to operate from the shadows more effectively,” Adam says.
In this episode, he and Cristian discuss how cross-domain attacks unfold in a target environment; which adversaries are adopting this tradecraft; and how organizations can better detect, identify and mitigate these threats before it’s too late.
Watch our Cyber Threat Summit (focused on the rise of cross-domain attacks) on-demand: https://www.crowdstrike.com/resources/crowdcasts/cyber-threat-summit/
--------
40:00
LIMINAL PANDA and the Implications of Global Telco Targeting
On Nov. 19, 2024, Adam testified in front of the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law on Chinese cyber threats to critical infrastructure. This was the first time he publicly spoke about LIMINAL PANDA, a China-nexus state-sponsored threat actor that has been targeting telecommunications organizations since at least 2020.
LIMINAL PANDA is a newly named adversary, but CrowdStrike has been tracking its activity for over three years. It uses custom tools and demonstrates extensive knowledge of telco networks, including the connections between providers. And it's not alone: There are multiple adversaries targeting telcos, with good reason — the access they grant, and the data they possess, is a gold mine for threat actors.
But LIMINAL PANDA’s activity does more than showcase why critical infrastructure is a valuable target. It also represents how Chinese cyber activity has evolved since the mid-2000s, when it mostly involved “smash and grab” operations. Now, China has refined its espionage operations to conduct subtle and advanced attacks targeting critical infrastructure entities around the world.
In this episode, Adam and Cristian dig deep into the discovery of LIMINAL PANDA, the maturation of Chinese cyber operations and the scary consequences of telco-focused cyberattacks. Adam shares more about his congressional testimony and the value of keeping government officials informed on adversary activity. Come for Adam and Cristian’s Thanksgiving recipes, and stay for a deep-dive on this evolving nation-state threat, in this episode of the Adversary Universe podcast.
Read Adam's testimony here: https://www.judiciary.senate.gov/committee-activity/hearings/big-hacks-and-big-tech-chinas-cybersecurity-threat
--------
39:59
Exploring Offensive Security with CrowdStrike Red Teamers
If a business wants to know what an adversary might be capable of, they can seek the help of a red team. These cybersecurity professionals are tasked with emulating adversary activity to achieve specific objectives in their clients’ environments. Their goal is to find an organization’s weaknesses — before a real adversary does — so it can strengthen its security posture. But what does a red team actually do, and who are the people on these teams?
In this episode, Cristian is joined by CrowdStrike Director of Professional Services Vincent Uguccioni and Professional Services Principal Consultant Brent Harrell to dive into all things red teaming. Both seasoned experts with fascinating backgrounds, Vincent and Brent define what red teaming is (and what it isn’t), explain how it has evolved, debunk common misconceptions about what red teamers do and explain the value of the many different skills the members of a red team have.
The goal of the red team is to help, not hurt. Red teamers may need to think like an adversary when they’re navigating a client environment, but their broader strategy involves collaborating with the client and blue team to guide remediation and improve the client's security. Vincent and Brent also walk us through the process of a red team engagement, from initial client discussions to final reporting, and share how they adjust their approaches as adversary techniques evolve. And if you’re interested in becoming a red teamer, they share some guidance for that as well.
On a related note, we recently introduced CrowdStrike AI Red Team Services. Read our blog for more details: https://www.crowdstrike.com/en-us/blog/crowdstrike-launches-ai-red-team-services/
--------
47:39
The Latest in China-Taiwan Cyber Tensions
China and Taiwan have a long history of geopolitical tension that has evolved from land and sea to cyberspace. Relations between the two recently took an interesting turn when the Chinese Ministry of State Security (MSS) claimed hacktivist entity Anonymous 64 targeted China and its territories with attempted disinformation and public communication disruption. The Chinese government further alleged the activity was directed by the Taiwanese government, whose officials are investigating the activity and expressed the claims are false.
These allegations mark an interesting shift in the relations between China and Taiwan. In this episode, Adam and Cristian start with a 50,000-foot view of their nuanced, tense history. They define and discuss the organizations involved in these events and the details of their claims, and they share what we know about Anonymous 64. Why is this news significant? What are the geopolitical implications? And where have we seen similar activity in other regions?
It is important to note that CrowdStrike has not independently verified the Chinese government’s accusations. Tune in to hear more about a story that blends politics, military strategy and digital warfare.
Modern adversaries are relentless. Today’s threat actors target organizations around the world with sophisticated cyberattacks. Who are they? What are they after? And most importantly, how can you defend against them? Welcome to the Adversary Universe podcast, where CrowdStrike answers all of these questions — and more. Join our hosts, a pioneer in adversary intelligence and a specialist in cybersecurity technology, as they unmask the threat actors targeting your organization.