Inside the Turla Playbook: Hijacking APTs and fourth-party espionage

Three Buddy Problem - Episode 24: In this episode, we dig into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Russian APT Turla Caught Stealing From Pakistani APT
Snowblind: The Invisible Hand of Secret Blizzard
Microsoft: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog
EpicTurla.com
Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware
Lookout Security research paper on Monokle spyware
Parubets: How a programmer foiled his own FSB recruitment
CISA/FBI guidance to repel Salt Typhoon
US officials say they still have not expelled Chinese telco hackers
Solana backdoored in supply chain hack
Romania's top court annuls first round of presidential vote won by far-right candidate

About the Podcast

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).