The dark hole of ‘friendlies’ and Western APTs

Three Buddy Problem – Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion.

Plus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology.

We also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Dutch intelligence agency outs ‘Laundry Bear’ Russian APT
• Russian gov hackers buying passwords from cybercriminals
• Microsoft: Russian actor Void Blizzard targets critical sectors for espionage
• Censys data on AyySSHush ASUS router botnet
• Czech Republic statement on Chinese hack
• Czech gov condemns Chinese hack on critical infrastructure
• NATO floats cybersecurity included in new spending target
• Mark your Google Calendar: APT41 innovative tactics
• The rise of responsible behavior: Western commercial reports on Western cyber threat actors
• How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
• ASUS Botnet Tracker
• CISA: Logging Made Easy (LME)