
New Video from @hak5: Exploring Latest Cybersecurity Threats and Trends
In this new video from the @hak5 channel, Alli Diamond presents Threatwire, a show that covers the latest threats and trends in cybersecurity. Three topics are discussed: a new C2 communication tactic used by the threat group APT41, a major outage at SentinelOne, and new Australian regulations on ransomware payments.

The first topic is an innovative C2 communication tactic discovered by the Google Threat Intelligence team. APT41, also known as HOODOO, used Google Calendar as a command and control server in a new attack campaign. In October 2024, APT41 sent spear-phishing emails to entice targets into downloading malicious ZIP archives hosted on a compromised government site. Once decompressed, the archive infects the targeted Windows machine with new malware called TOUGHPROGRESS. This malware uses advanced obfuscation techniques such as register-based indirect calls, dynamic address arithmetic, 64-bit register overflows, and a function dispatch table. Its C2 server is actually a Google Calendar controlled by the attacker: encrypted commands are placed in calendar events at predetermined dates, the malware retrieves those events and executes the commands on the compromised host, and the results are then encrypted and written into another calendar event. Using Google Calendar as a C2 channel is not new in itself, but it is unprecedented for this threat group.

The second topic is the major outage at SentinelOne, a direct competitor of CrowdStrike in threat detection and response. On May 29, 2025, SentinelOne suffered a total failure of its management console and associated services, although endpoint monitoring itself was not affected. The cause was a software defect in an infrastructure control system that deleted critical network routes, resulting in a widespread loss of network connectivity. The outage lasted 7 hours and stemmed from an ongoing transition to infrastructure-as-code principles, during which critical network routing rules and DNS resolvers were accidentally deleted from the production system.

The video also discusses the new Australian regulations on ransomware. Effective May 30, 2025, they require Australian companies with an annual turnover of more than 3 million Australian dollars to report ransomware payments within 72 hours of making the payment or becoming aware of it. The report must include detailed information such as the ransom amount, the vulnerabilities exploited, and communications with the threat actors. This regulation is the first of its kind globally and arrives at a time when, in the United States, banking groups are contesting a similar rule adopted by the SEC in July 2023, which requires publicly traded companies to report material cybersecurity incidents within four business days of discovery.

In conclusion, the video provides an in-depth look at the latest trends and threats in cybersecurity, highlighting innovative tactics used by threat actors and the challenges faced by security vendors. The new Australian ransomware regulations raise important questions about transparency and regulation in the field. To learn more, watch the full video here: https://www.youtube.com/watch?v=E9CvQ-M12Xg
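As an added, defender-side illustration of the Google Calendar C2 technique described above (this is example code written for this summary, not code from the video or from Google's report): a small beacon detector that reads proxy log lines and flags hosts whose non-browser processes poll the Google Calendar API at a near-constant interval. The log format, the process names and the Calendar API URL prefix are assumptions, and the log excerpt is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log excerpt (not from the video or Google's report).
# Assumed format: "<ISO timestamp> <source host> <process> <method> <url>"
SAMPLE_LOG = """\
2024-10-15T10:00:00 ws-17 updater.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:05:02 ws-17 updater.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:09:58 ws-17 updater.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:15:01 ws-17 updater.exe POST https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:20:00 ws-17 updater.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:00:30 ws-03 chrome.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:05:30 ws-03 chrome.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:10:30 ws-03 chrome.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T10:15:30 ws-03 chrome.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T09:12:00 ws-22 sync.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T09:13:00 ws-22 sync.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T11:40:00 ws-22 sync.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
2024-10-15T11:41:00 ws-22 sync.exe GET https://www.googleapis.com/calendar/v3/calendars/primary/events
"""

CALENDAR_API = re.compile(r"https://www\.googleapis\.com/calendar/v3/")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # legitimately talk to Calendar

def parse_line(line):
    ts, host, proc, method, url = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), host, proc, method, url

def find_calendar_beacons(log_text, min_requests=4, max_jitter=0.2):
    """Return {(host, process): interval_s} for non-browser processes that hit the
    Calendar API at a near-constant interval (low coefficient of variation)."""
    stamps = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, host, proc, _method, url = parse_line(line)
        if CALENDAR_API.match(url) and proc.lower() not in BROWSERS:
            stamps[(host, proc)].append(ts)
    findings = {}
    for key, times in stamps.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:  # regular polling
            findings[key] = round(avg)
    return findings
```

On the constructed excerpt only ws-17 is flagged (a non-browser process polling roughly every 300 seconds); the browser traffic and the irregular sync.exe requests are ignored. In practice the jitter threshold and the allow-list of processes would be tuned to the environment.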