IntrusionsInDepth Podcast

Josh Stepp

A podcast that analyzes cyber attacks and the threat actors that conduct them. Hosted by Josh Stepp www.intrusionsindepth.com

  1. 009.1: CRASH COURSE: IRAN | Geopolitics, Cyber Threat Groups and Operations

    OCT 5

    009.1: CRASH COURSE: IRAN | Geopolitics, Cyber Threat Groups and Operations

    Key Topics:
    * US-Iran Historical Tensions
    * Iran’s Demographics & Strategy
    * Nuclear Program & 2025 Strikes
    * Proxy Networks (Axis of Resistance)
    * Iranian Cyber Threat Actors

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Books:
    * Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter
    * Iran’s Perilous Pursuit of Nuclear Weapons by David Albright & Sarah Burkhard
    * From Intel to Iran: The Defection of Monica Witt by Borna Ahadi

    Links and Resources:
    * https://en.wikipedia.org/wiki/Judicial_system_of_the_Islamic_Republic_of_Iran
    * https://attack.mitre.org/groups/G0069/
    * https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
    * https://cloud.google.com/security/resources/insights/apt-groups#global-threats-iran
    * https://en.wikipedia.org/wiki/Shamoon
    * https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-055a
    * https://cyberscoop.com/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims/
    * https://iapp.org/news/b/black-shadow-hackers-re-emerge-with-second-israeli-breach
    * https://www.securiwiser.com/news/black-shadow-hits-cyberserve-and-lgbtq-dating-app-client/
    * https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations
    * https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation
    * https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks
    * https://www.mei.edu/publications/iranian-apts-overview
    * https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises
    * https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
    * https://darknetdiaries.com/transcript/30/
    * https://risky.biz/why-iran-is-a-scaredy-cat-cyber-chicken/
    * https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-releases-cybersecurity-advisory-on-previously-undisclosed-iranian-malware-used-to-monitor-dissidents-and-travel-and-telecommunications-companies
    * https://home.treasury.gov/news/press-releases/sm1127
    * https://mjolnirsecurity.com/the-asymmetric-battlefield-an-anthropological-and-geopolitical-analysis-of-iranian-cyber-threats-to-north-american-critical-infrastructure/
    * https://cloud.google.com/blog/topics/threat-intelligence/apt33-insights-into-iranian-cyber-espionage
    * https://www.picussecurity.com/resource/blog/understanding-active-iranian-apt-groups
    * https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
    * https://www.darkreading.com/vulnerabilities-threats/anatomy-of-the-new-iranian-apt
    * https://www.infopoint-security.de/medien/fireeye-operation-saffron-rose.pdf
    * https://narimangharib.com/
    * https://www.youtube.com/playlist?list=PLjiTz6DAEpuINUjE8zp5bAFAKtyGJvnew
    * https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/
    * https://cloud.google.com/blog/topics/threat-intelligence/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware

    Credits:
    * Host: Josh Stepp
    * Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    2h 20m
  2. AMA002 : COINBASE | IRAN | CAREER

    AUG 12

    AMA002 : COINBASE | IRAN | CAREER

    In this AMA episode of "Intrusions in Depth," host Josh Stepp chats with friend and cybersecurity mentor David "Ponch" Sanchez about pressing topics from the audience. They break down the Coinbase breach, discussing how a bribed contractor exposed user data and balances, which could potentially create targets for phishing and physical attacks. Next, they analyze the risk of Iranian cyber retaliation against U.S. infrastructure during the ongoing Israel-Iran skirmishes, weighing destructive potential against political divisions. Lastly, for those entering cybersecurity, especially threat intelligence, they advise building home labs, reading industry articles, and seeking hands-on experiences at events like DEF CON to stand out in a competitive job market.

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://github.com/demining/Physical-Bitcoin-Attacks
    * https://www.raicescyber.org/
    * https://www.wsj.com/us-news/second-suspect-surrenders-in-alleged-new-york-crypto-kidnapping-case-103e06c6
    * https://www.wsj.com/video/botched-kidnapping-attempt-in-paris-as-criminals-target-crypto-wealth/9E10C74A-5158-49AF-B625-4ABA5EDC5B6E
    * https://www.abc.net.au/news/2024-01-23/australian-government-sanctions-russian-over-medibank-data-leak/103377976
    * https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
    * https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36
    * https://academy.intel-ops.io/courses/hunting-adversary-infra
    * https://web.archive.org/web/20201206081245/https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/psychology-of-intelligence-analysis/PsychofIntelNew.pdf
    * https://irp.fas.org/doddir/army/
    * https://irp.fas.org/doddir/army/gta33_01_006.pdf

    Credits:
    * Host: Josh Stepp
    * Produced by: Josh Stepp
    * Guest: David Sanchez

    Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    55 min
  3. 008.1: POLYFILL

    MAY 27

    008.1: POLYFILL

    In this episode of the Intrusions InDepth Podcast, host Josh Stepp dives into the 2024 Polyfill.io incident, a wake-up call for the web development community that exposed the vulnerabilities of the internet’s sprawling infrastructure. What began as a trusted open-source service, used by over 100,000 websites to ensure cross-browser compatibility, turned into a vehicle for widespread malware distribution after its domain and GitHub repository were sold to a Chinese company, Funnull. Josh explores the timeline of the attack, the mechanics of the malicious JavaScript payloads, and the broader implications for open-source software and internet trust. With a mix of technical analysis, commentary on open-source economics, and a touch of conspiracy-adjacent speculation, this episode unpacks how a seemingly innocuous service became a vector for a global cyberattack and what it means for the future of the web.

    Main Topics Discussed:
    * Polyfill.io Attack Overview
    * Timeline of Events
    * Malware Mechanics
    * Open-Source Vulnerabilities
    * Implications and Solutions

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://blog.qualys.com/vulnerabilities-threat-research/2024/06/28/polyfill-io-supply-chain-attack
    * https://cside.dev/blog/the-polyfill-attack-explained
    * https://therecord.media/polyfill-cloudflare-trade-barbs-supply-chain-attack
    * https://news.ycombinator.com/item?id=40792136
    * https://news.ycombinator.com/item?id=40804254
    * https://risky.biz/RB755/
    * https://web.archive.org/web/20230505112634/https://polyfill.io/v3/ownership-transfer
    * https://web.archive.org/web/20230601214142/https://jakechampion.name/
    * https://web.archive.org/web/20231011015804/https://polyfill.io/
    * https://web.archive.org/web/20231101040617/https://polyfill.io/
    * https://github.com/polyfillpolyfill/polyfill-service/commit/5f4fc040e09436371f70ffcebe47ca0e3cdccac0
    * https://github.com/polyfillpolyfill/polyfill-service/commit/aa261a834b36131e8dbd20d725c6b5d773f736d9
    * https://github.com/polyfillpolyfill/polyfill-service/issues/2892
    * https://sansec.io/research/polyfill-supply-chain-attack
    * https://www.theregister.com/2025/05/06/from_russia_with_doubt_go/
    * https://huntedlabs.com/the-russian-open-source-project-that-we-cant-live-without/
    * https://x.com/weirddalle/status/1922396432977346973
    * https://www.berkshirehathaway.com/
    * https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk/
    * https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet/

    Credits:
    * Host: Josh Stepp
    * Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    38 min
  4. 007.1: The VIRUS FACTORY

    MAY 5

    007.1: The VIRUS FACTORY

    Step back into the late 1980s and early 1990s in Sofia, Bulgaria, a nation transitioning from communism and becoming an unexpected epicenter for early computer virus creation. This episode delves into the story of Vesselin Bontchev, a young researcher studying the nascent threat of computer viruses, and the emergence of the notorious virus writer known only as "Dark Avenger". Explore the destructive nature of early viruses like "Eddie" and the escalating rivalry between Bontchev, who sought to counter the viral threat, and Dark Avenger, who released increasingly malicious code and even targeted Bontchev directly. Discover how American Sarah Gordon stumbled into this world, her interactions with Dark Avenger, and the creation of the revolutionary, dangerous Mutation Engine (MtE). We'll also examine the unique socio-economic conditions in Bulgaria that fostered this "Virus Factory," including a surplus of skilled tech enthusiasts with limited opportunities and widespread software piracy.

    Main Topics Discussed:
    * The Bulgarian Virus Scene: The episode explores how Bulgaria, particularly Sofia, became a surprising hub for computer virus creation in the late 80s and early 90s, coinciding with the country's political and economic transition.
    * Vesselin Bontchev vs. Dark Avenger: A central theme is the rivalry between Vesselin Bontchev, an anti-virus researcher, and the prolific, malicious virus writer known as Dark Avenger. This includes Dark Avenger's increasingly sophisticated viruses (like Eddie and Nomenklatura), his targeting of Bontchev and others, and Bontchev's efforts to analyze and combat the viruses.
    * Sarah Gordon and the Mutation Engine (MtE): The story of Sarah Gordon, an American who became fascinated with the Bulgarian virus scene and interacted with Dark Avenger. This interaction led to Dark Avenger creating the groundbreaking and dangerous Mutation Engine (MtE), a tool allowing viruses to constantly change their code to evade detection.
    * Psychology and Sociology of Virus Writing: The episode touches upon the motivations behind virus creation, including seeking fame, rebellion against authority, socio-economic factors like lack of opportunity and widespread software piracy in Bulgaria, and Sarah Gordon's research into the mindset of virus writers.
    * Early Computer Viruses and Anti-Virus Efforts: The discussion covers the nature and mechanics of early computer viruses (e.g., infecting .com/.exe files, corrupting disk sectors, targeting the FAT) and the nascent anti-virus techniques and communities forming to combat them (like CARO and FidoNet).

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://bontchev.nlcv.bas.bg/papers/factory.html#The%20Dark%20Avenger
    * https://www.f-secure.com/v-descs/eddie.shtml
    * https://www.theguardian.com/news/2023/may/09/on-the-trail-of-the-dark-avenger-the-most-dangerous-virus-writer-in-the-world
    * https://en.wikipedia.org/wiki/Sarah_Gordon_(computer_scientist)
    * Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro
    * https://(.)youtu.be/1iq9w5Tn_DQ
    * https://(.)www.youtube.com/watch?v=NtJ0CQ7K6_4&ab_channel=DEFCONConference

    Credits:
    * Host: Josh Stepp
    * Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    53 min
  5. 006.2: CHINA'S STRATEGIC CHESSBOARD: Where Salt Typhoon Fits

    APR 11

    006.2: CHINA'S STRATEGIC CHESSBOARD: Where Salt Typhoon Fits

    Episode Description: Dive into the complex world of cybersecurity and geopolitics with this addendum episode of Intrusions in Depth, hosted by Josh Stepp. Expanding on the Salt Typhoon episode, this podcast explores China's strategic cyber operations, global ambitions, and the evolving nature of modern warfare, from hacking tactics to the pursuit of economic and military dominance. Learn how groups like Salt Typhoon fit into China's broader geopolitical goals.

    Main Topics Discussed:
    * China’s Strategic Goals and the "China Dream": Examines Xi Jinping’s vision for China’s rejuvenation, aiming for economic prosperity, technological leadership, and military strength by 2049, with initiatives like Made in China 2025 and the Belt and Road Initiative.
    * Evolution of Warfare and Unrestricted Warfare Doctrine: Analyzes how China’s approach to warfare, inspired by the 1999 book Unrestricted Warfare, blends cyber, economic, and psychological tactics to exploit vulnerabilities, contrasting with Western military strategies.
    * The AI Race and Technological Competition: Explores the U.S.-China race for AI dominance, highlighting differences in innovation styles, data privacy approaches, and the role of AI as a force multiplier in modern conflicts.
    * Soft Power and Global Influence: Discusses China’s soft power strategies, including cultural exports like Confucius Institutes, economic diplomacy via the Belt and Road Initiative, and narrative control to shape global perceptions.
    * Deterrence and Defense Against Cyber Threats: Proposes solutions to counter groups like Salt Typhoon, weighing the challenges of bolstering cyber defenses and imposing economic or diplomatic costs on adversaries without escalating conflicts.

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://fs.blog/bias-conjunction-fallacy/
    * https://en.wikipedia.org/wiki/Torrijos%E2%80%93Carter_Treaties
    * https://en.wikipedia.org/wiki/Operation_Fox_Hunt
    * https://en.wikipedia.org/wiki/Chinese_intelligence_activity_abroad
    * https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/
    * https://www.propublica.org/article/operation-fox-hunt-how-china-exports-repression-using-a-network-of-spies-hidden-in-plain-sight
    * https://foreignpolicy.com/2018/10/11/if-the-u-s-doesnt-control-corporate-power-china-will/
    * https://www.fbi.gov/news/speeches/the-threat-posed-by-the-chinese-government-and-the-chinese-communist-party-to-the-economic-and-national-security-of-the-united-states
    * https://en.wikipedia.org/wiki/Alberto_Fujimori
    * https://en.wikipedia.org/wiki/Ferdinand_Marcos
    * https://foreignpolicy.com/2025/01/07/china-salt-typhoon-hack-threat-panic-washington/
    * https://scholarworks.uvm.edu/cgi/viewcontent.cgi?article=1440&context=hcoltheses
    * https://luluyan.medium.com/deepseeks-prompt-engineering-secret-there-is-no-secret-8107b14e1e56
    * https://www.vellum.ai/blog/the-training-of-deepseek-r1-and-ways-to-use-it
    * https://www.techtarget.com/whatis/feature/DeepSeek-explained-Everything-you-need-to-know
    * https://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women
    * https://www.cfr.org/backgrounder/made-china-2025-threat-global-trade
    * https://apt.etda.or.th/cgi-bin/showcard.cgi?g=APT%2031%2C%20Judgment%20Panda%2C%20Zirconium&n=1
    * https://breakingdefense.com/2021/09/chinas-new-data-security-law-will-provide-it-early-notice-of-exploitable-zero-days/
    * https://en.wikipedia.org/wiki/Made_in_China_2025
    * https://en.wikipedia.org/wiki/Century_of_humiliation

    Books:
    * Mindf*ck: Cambridge Analytica and the Plot to Break America by Christopher Wylie
    * Targeted: My Inside Story of Cambridge Analytica and How Trump and Facebook Broke Democracy by Brittany Kaiser
    * Unrestricted Warfare: China's Master Plan to Destroy America by Qiao Liang, Wang Xiangsui
    * Principles for Dealing with the Changing World Order: Why Nations Succeed and Fail by Ray Dalio

    Credits:
    * Host: Josh Stepp
    * Produced by: Josh Stepp

    Thank you for tuning in to Intrusions in Depth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    1h 44m
  6. 006.1: SALT TYPHOON

    MAR 15

    006.1: SALT TYPHOON

    Episode Description: This episode of The IntrusionsinDepth Podcast, released on March 15, 2025, explores the Chinese hacking group Salt Typhoon, a sophisticated cyber-espionage outfit linked to the Ministry of State Security that infiltrated nine U.S. telecom companies and the Treasury by exploiting vulnerabilities in Cisco and BeyondTrust systems. The host traces the group’s evolution from its broad 2019 attacks on Southeast Asia to its refined 2023-2025 campaigns, wielding custom malware like Ghost Spider to steal sensitive data from telecoms, governments, and tech sectors worldwide. With aliases like Ghost Emperor and UNC2286, Salt Typhoon’s history builds on decades of Chinese cyber operations, shifting from the PLA’s early economic theft to the MSS’s strategic espionage and culminating in recent breaches that exposed D.C.-area VIP calls and unclassified Treasury documents. The U.S. response of symbolic sanctions on a Chinese firm and an MSS-affiliated hacker underscores the ongoing challenges with groups like this.

    Main Topics Discussed:
    1. Who is Salt Typhoon?
    * Known by aliases like Ghost Emperor and UNC2286, they’ve been active since 2019, tied to China’s MSS.
    * Targets include telecoms, governments, and tech globally, with a focus on espionage.
    2. History of Chinese Cyber Attacks
    * Early attacks (2003-2010s) by the PLA stole tech secrets, like Operation Aurora against Google.
    * Modern APTs like Salt Typhoon show more refined, widespread operations.
    3. Salt Typhoon’s Campaigns
    * Early hits (2019-2022) targeted Southeast Asia; later ones (2023-2025) hit U.S. telecoms and Treasury.
    * Malware like Ghost Spider evolved, using clever tricks to stay hidden and adaptable.
    4. U.S. Attacks & Response
    * Recent breaches exposed D.C.-area VIP calls and Treasury data via Cisco and BeyondTrust flaws.
    * U.S. countered with symbolic sanctions on a Chinese firm and hacker, Yin Jinping, but the threat persists.

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://blog.polyswarm.io/salt-typhoon-targets-telecoms-with-ghostspider?
    * https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-security-fbi-chinese-hackers-security-encryption
    * https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf
    * https://techcrunch.com/2024/10/13/meet-the-chinese-typhoon-hackers-preparing-for-war/
    * https://mashable.com/article/salt-typhoon-breach-att-verizon-clear
    * https://techcrunch.com/2024/12/04/fbi-recommends-encrypted-messaging-apps-combat-chinese-hackers/
    * https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/
    * https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b
    * https://www.reuters.com/technology/cybersecurity/us-adds-9th-telcom-list-companies-hacked-by-chinese-backed-salt-typhoon-2024-12-27/
    * https://therecord.media/nine-us-companies-hacked-salt-typhoon-china-espionage
    * https://en.wikipedia.org/wiki/Ministry_of_State_Security_(China)
    * https://en.wikipedia.org/wiki/2010%E2%80%932012_killing_of_CIA_sources_in_China?
    * https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/
    * https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including
    * https://cloud.google.com/blog/topics/threat-intelligence/chinese-espionage-tactics/
    * https://www.fbi.gov/news/stories/chinese-hackers-charged-in-equifax-breach-021020
    * https://en.wikipedia.org/wiki/Operation_Fox_Hunt
    * https://en.wikipedia.org/wiki/Salt_Typhoon
    * https://www.theguardian.com/us-news/2021/oct/27/us-bans-china-telecom-from-operating-over-national-security-concerns
    * https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince
    * https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/analyzing-salt-typhoon-telecom-attacker/
    * https://www.crowdstrike.com/en-us/blog/an-analysis-of-lightbasin-telecommunications-attacks/
    * https://www.reuters.com/technology/china-linked-hacking-group-accessing-calling-records-worldwide-crowdstrike-says-2021-10-19/
    * https://www.darkreading.com/data-privacy/chinese-apt-backdoor-found-in-ccleaner-supply-chain-attack
    * https://news.sky.com/story/obama-tells-china-president-hacking-must-stop-10345126
    * https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach
    * https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf
    * https://en.wikipedia.org/wiki/PLA_Unit_61398
    * https://en.wikipedia.org/wiki/Titan_Rain
    * https://www.csis.org/programs/strategic-technologies-program/survey-chinese-espionage-united-states-2000
    * https://www.nytimes.com/2024/12/16/us/politics/biden-administration-retaliation-china-hack.html
    * https://github.com/shadow1ng/fscan/blob/main/README_EN.md
    * https://github.com/sensepost/reGeorg
    * https://www.cisa.gov/sites/default/files/2024-05/MAR-10448362.c1.v2.CLEAR_.pdf
    * https://proxylogon.com/
    * https://www.picussecurity.com/resource/blog/salt-typhoon-removing-chinese-telecom-equipment
    * https://threatpost.com/famoussparrow-spy-hotels-governments/174948/
    * https://www.ncsc.gov.uk/files/NCSC-MAR-SparrowDoor.pdf
    * https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
    * https://cyberscoop.com/suspected-chinese-hackers-took-advantage-of-microsoft-exchange-vulnerability-to-steal-call-records/
    * https://portswigger.net/daily-swig/a-whole-new-attack-surface-researcher-orange-tsai-documents-proxylogon-exploits-against-microsoft-exchange-server
    * https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/
    * https://cyberscoop.com/famoussparrow-eset-microsoft-exchange-proxylogon/
    * https://www.c4isrnet.com/cyber/2024/04/10/secretive-us-cyber-force-deployed-22-times-to-aid-foreign-governments/
    * https://www.meritalk.com/articles/report-salt-typhoon-using-backdoor-malware-tactics/
    * https://www.wsj.com/politics/national-security/u-s-officials-race-to-understand-severity-of-chinas-salt-typhoon-hacks-6e7c3951
    * https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
    * https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html
    * https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html
    * https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation
    * https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/
    * https://cyberscoop.com/chinese-hack-nsa-tool-check-point/
    * https://teamwin.in/index.php/2025/02/15/redmike-hackers-exploited-1000-cisco-devices-to-gain-admin-access/
    * https://cloud.google.com/blog/topics/threat-intelligence/barracuda-esg-exploited-globally
    * https://cyberscoop.com/treasury-sanctions-chinese-cybersecurity-company-salt-typhoon-hacks/
    * https://www.techtarget.com/searchsecurity/news/366617509/Treasury-Department-breached-through-BeyondTrust-service
    * https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/
    * https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/
    * https://www.reuters.com/technology/cybersecurity/us-treasury-dept-issues-sanctions-related-salt-typhoon-hack-2025-01-17/
    * https://www.wired.com/story/us-names-one-of-the-hackers-allegedly-behind-massive-salt-typhoon-breaches/
    * https://www.recordedfuture.com/research/redmike-salt-typhoon-exploits-vulnerable-devices
    * https://risky.biz/BTN106/
    * https://jsac.jpcert.or.jp/archive/2025/pdf/JSAC2025_1_5_leon-chang_theo-chen_en.pdf
    * https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming
    * https://nvd.nist.gov/vuln/detail/cve-2023-2868
    * https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom/
    * https://malpedia.caad.fkie.fraunhofer.de/actor/ghostemperor
    * https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/
    * https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
    * https://blog.talosintelligence.com/salt-typhoon-analysis/

    Credits:
    * Host: Josh Stepp
    * Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsinDepth Podcast. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    1h 44m
  7. AMA 001 | TIKTOK BAN

    FEB 24

    AMA 001 | TIKTOK BAN

    Episode Description: Welcome to the first Ask Me Anything (AMA) episode of The Intrusions in Depth Podcast! Host Josh Stepp takes a break from scripting his next deep-dive episode to answer listener questions in an unscripted, off-the-cuff format. To kick off this new series, Josh tackles a listener's question about the TikTok ban, its national security implications, and President Trump’s decision to delay enforcement for 75 days. What starts as a straightforward discussion spirals into a multi-faceted analysis covering creators, consumers, legal ambiguities, historical precedents, and even a bit of conspiracy theorizing. From Romanian election recalls to the potential for government ownership of social media, Josh explores the messy intersection of technology, democracy, and geopolitics. Whether you’re a TikTok skeptic or a free-speech advocate, this episode offers plenty to chew on. Join the mailing list to participate.

    Main Topics Discussed:
    * The TikTok Ban Overview
      * Listener question: Thoughts on the TikTok ban, national security allegations, and Trump’s 75-day enforcement delay.
      * Josh’s approach: Analyzing the issue through multiple lenses: creators, consumers, the platform itself, legal precedent, and conspiracy angles.
    * Creators and Consumers
      * Sympathy for creators who rely on TikTok for livelihoods, especially those with limited job prospects (e.g., ex-felons, mental health challenges).
      * Counterpoint: National security may outweigh individual needs; alternative platforms (YouTube Shorts, Instagram Reels, etc.) exist for diversification.
      * Audience perspective: Claims of First Amendment violations are weak; governments already limit speech for security (e.g., classification).
    * National Security and Precedents
      * Historical examples: FDR’s Office of Censorship post-Pearl Harbor, Trump’s WeChat ban, and Russia’s Sputnik/RT restrictions.
      * TikTok concerns: Data harvesting by China, potential influence ops, and speculative backdoor risks (e.g., Pegasus-style exploits).
      * Comparison: U.S. tech giants (Meta, Google, X) could pose similar risks; why single out TikTok?
    * The Law Itself
      * Critique of the TikTok ban legislation: Vague terms (“foreign adversary,” “significant threat”) invite abuse.
      * Hypothetical misuse: Could target platforms like X if tied to foreign influence (e.g., Musk’s China ties).
      * Suggestion: Write clearer laws (e.g., ban data transmission to China) rather than broad, ambiguous bans.
    * Romanian Election Recall (2024)
      * Context: Far-right candidate’s lead annulled due to alleged TikTok interference (possibly Russian-linked).
      * Pro-recall: Evidence of coordinated campaigns; protects electoral integrity.
      * Anti-recall: Evidence is circumstantial; risks censorship and voter agency.
      * Broader issue: Balancing tech, democracy, and free speech in the digital age.
    * Conspiracy Time
      * Theories debunked: TikTok moving servers to Meta during a blackout is impractical for modern apps.
      * Speculation: Congress’s shift possibly due to classified briefings (e.g., NSA findings).
      * Trump’s reversal: Political strategy, donor influence (Jeff Yass), or a deal-making play for U.S. ownership.
    * Trump’s 75-Day Delay and Future Outlook
      * Possible motives: Appealing to young voters, donor pressure, or negotiating U.S. stakes in TikTok.
      * Innovative idea: Government ownership of tech stakes (e.g., Alaska’s oil fund model) to benefit taxpayers.
      * Prediction: Ban likely upheld, but TikTok persists under U.S. ownership (e.g., Oracle, Musk).

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * http(s)://www.youtube.com/watch?v=e1pTCSFrkbk&ab_channel=All-InPodcast
    * https://en.wikipedia.org/wiki/Office_of_Censorship
    * https://newsroom.tiktok.com/en-eu/continuing-to-protect-the-integrity-of-tiktok-during-romanian-elections
    * https://www.bbc.com/news/articles/cm2v13nz202o
    * https://x.com/mtaibbi/status/1865269938597879902
    * https://x.com/mtracey/status/1865097680805839008

    Credits:
    * Host: Josh Stepp
    * Produced by: Josh Stepp

    Thank you for tuning in to Intrusions inDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    46 min
