Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.

A Chinese threat actor exploits a Barracuda vulnerability. The upgraded version of the Android GravityRAT can exfiltrate WhatsApp messages. Cybercriminals pose as security researchers to propagate malware. Updates on the Vidar threat operation. A new Romanian hacking group has emerged. Shuckworm collects intelligence, and may support targeting. The Washington Post’s Tim Starks explains the section 702 debate. Our guest is Rotem Iram from At-Bay with insights on email security. And Russia's Cadet Blizzard.
For links to all of today's stories check out our CyberWire daily news briefing:https://thecyberwire.com/newsletters/daily-briefing/12/115
Selected reading.Android GravityRAT goes after WhatsApp backups (ESET)Quarterly Adversarial Threat Report (Facebook)Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China (Mandiant)GravityRAT - The Two-Year Evolution Of An APT Targeting India (Cisco Talos)Fake Security Researcher GitHub Repositories Deliver Malicious Implant (VulnCheck)Darth Vidar: The Aesir Strike Back (Team Cymru)Tracking Diicot: an emerging Romanian threat actor (Cado Security)Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec)Cadet Blizzard emerges as a novel and distinct Russian threat actor (Microsoft)Destructive malware targeting Ukrainian organizations (Microsoft)