Zero Day $10 / month

Zero Day Substack focuses on the nexus of cybersecurity, national security, and the geopolitical landscape, highlighting incidents of cyberattacks, espionage, and the challenges in securing digital infrastructure against state-sponsored actors and hackers. It covers real-world cases, legal ramifications, and the evolving tactics of cyber warfare.

Cybersecurity, National Security, Cyberattacks, Espionage, Legal and Regulatory Issues, Supply-Chain Security, Surveillance, Digital Infrastructure

The hottest Substack posts of Zero Day

And their main takeaways
1319 implied HN points 20 Oct 23
  1. North Korean IT workers tricked US companies into hiring them to secretly funnel money to North Korean weapons programs.
  2. They used elaborate methods to conceal their identities, such as fake profiles, stolen documents, and VPNs.
  3. The FBI discovered the scheme, seized funds, and warned that North Korean activity is still ongoing.
899 implied HN points 26 Oct 23
  1. The StripedFly malware was initially thought to be a crypto miner but turned out to be a sophisticated spy platform that infected over a million victims worldwide since 2017.
  2. One unique aspect of StripedFly is the custom-coded TOR client used for communication and data transfer, which shows the attackers' high level of skill and security consciousness.
  3. StripedFly includes a ransomware component named ThunderCrypt, raising questions about the intent behind including ransomware in an espionage tool and how it fits into the overall operation.
1259 implied HN points 09 Apr 23
  1. A leaked Pentagon document suggests Russian hacktivists breached a Canadian gas pipeline company, had the ability to cause an explosion, and were receiving instructions from the FSB.
  2. The hackers claimed to have caused damage to the Canadian facility, including increasing valve pressure and disabling alarms, aiming to impact income, not cause loss of life.
  3. US authorities are investigating the authenticity of the leak, which included several documents about Russia's war plans and intelligence on various countries.
1259 implied HN points 06 Apr 23
  1. Kim Zetter is working on various projects that are taking longer than expected.
  2. She is co-teaching a course about government surveillance and classified leaks at Johns Hopkins SAIS.
  3. Students in the course show a deep understanding of surveillance nuances and the importance of balancing security with civil liberties.
839 implied HN points 28 Jun 23
  1. The SEC has sent notices to SolarWinds' employees over potential legal action related to the Russian hack.
  2. Receiving Wells notices is rare, especially for a CISO, and can lead to penalties and restrictions on future roles.
  3. The SEC is expanding its focus on cybersecurity breaches, and companies may face consequences for misleading disclosures or failing to address vulnerabilities.
1139 implied HN points 20 Apr 23
  1. Hackers compromised a software maker by embedding malware in another company's program, leading to a chain of infections.
  2. This breach shows the potential for threaded supply-chain hacks to infect multiple software suppliers and customers.
  3. Financially motivated North Korean hackers were behind the attack on 3CX and it's recommended that compromised software be deleted immediately.
899 implied HN points 17 May 23
  1. Volexity discovered a sophisticated hacking group named Dark Halo inside a U.S. think tank's network during an incident-response engagement.
  2. The hackers used a backdoor in the organization's Microsoft Exchange server and bypassed the Duo multi-factor authentication system.
  3. Volexity suspected the hackers gained access to the network through a backdoor in the SolarWinds software, which was later confirmed by security firm Mandiant.
140 HN points 08 Aug 23
  1. Radiation sensors at Chernobyl spiked after the Russian invasion, leading to suspicions of data manipulation.
  2. Patterns in the data from sensors indicated possible data manipulation rather than actual radiation spikes.
  3. The disappearance of the server and hard drives from the Ecocenter raised questions about who may have tampered with the sensor data.
7 HN points 25 Jul 23
  1. TETRA radio communication technology used by police and critical infrastructure was found to have a backdoor, reducing encryption strength.
  2. Keeping encryption algorithms secret can hinder security, as seen in the TETRA case where a deliberate weakness was discovered.
  3. ETSI created new secret algorithms to address vulnerabilities, but the debate continues on whether secrecy is the best approach for security.