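Notes for the podcast recording.
podcast - #セキュリティのアレ - A laid-back security podcast.
Incidents and Accidents
European and U.S. law enforcement agencies cooperate to arrest suspects involved in cryptocurrency investment fraud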
On 25 June 2025, the Spanish Guardia Civil, with the support of Europol and law enforcement from Estonia, France and the United States of America, arrested five members of a criminal network engaged in cryptocurrency investment fraud. The investigation identified that the perpetrators had laundered EUR 460 million in illicit profits stolen through crypto investment fraud from over 5 000 victims from around the world.
U.S. Department of Justice takes action against North Korean IT workers' schemes to illicitly generate revenue
The Justice Department announced today coordinated actions against the Democratic People’s Republic of North Korea (DPRK) government’s schemes to fund its regime through remote information technology (IT) work for U.S. companies. These actions include two indictments, an arrest, searches of 29 known or suspected “laptop farms” across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites.
U.S. Department of the Treasury sanctions Russian hosting provider Aeza Group
Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating Aeza Group, a bulletproof hosting (BPH) services provider, for its role in supporting cybercriminal activity targeting victims in the United States and around the world. BPH service providers sell access to specialized servers and other computer infrastructure designed to help cybercriminals like ransomware actors, personal information stealers, and drug vendors evade detection and resist law enforcement attempts to disrupt their malicious activities. OFAC is also designating two affiliated companies and four individuals who are Aeza Group leaders. Finally, in coordination with the United Kingdom’s (UK) National Crime Agency (NCA), OFAC is designating an Aeza Group front company in the UK.
Attacks and Threats
Varonis reports on a phishing campaign that abuses the Direct Send feature of Microsoft 365
(6/27) Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails
CISA and partner agencies jointly issue an alert on Iranian cyber attack activity
Today, CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored or affiliated threat actors.
Microsoft reports on illicit activity by North Korean IT workers
Since 2024, Microsoft Threat Intelligence has observed remote information technology (IT) workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the Democratic People’s Republic of Korea (DPRK). Among the changes noted in the North Korean remote IT worker tactics, techniques, and procedures (TTPs) include the use of AI tools to replace images in stolen employment and identity documents and enhance North Korean IT worker photos to make them appear more professional. We’ve also observed that they’ve been utilizing voice-changing software.
Vulnerabilities
CISA adds 1+2+1 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog
(6/30) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2025-6543 Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
(7/1) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
- CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
- CVE-2025-48928 TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
(7/2) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability
Google fixes a Chrome zero-day vulnerability
(6/30) Chrome Releases: Stable Channel Update for Desktop
Google is aware that an exploit for CVE-2025-6554 exists in the wild.
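Other
The National Cybersecurity Office (国家サイバー統括室) is launched
(7/1) On the establishment of the National Cybersecurity Office
(7/1) July 1, 2025: National Cybersecurity Office inauguration ceremony | The Prime Minister's Day | Prime Minister's Office of Japan website
(7/1) "National Cybersecurity Office", the command center for "active cyber defense", is launched | NHK | Cyber attacks
On July 1, with the partial entry into force of the Cyber Response Capability Strengthening Act and related laws, the National center of Incident readiness and Strategy for Cybersecurity (NISC) was reorganized into the National Cybersecurity Office (NCO).
Accordingly, we have updated our account name. We look forward to your continued support.
— NCO国家サイバー統括室 (@cas_cyberpr) July 1, 2025
(Announcement) We are holding Hardening Designers Conference 2025 again this year, on 7/10-7/12!
Hardening Designers Conference 2025 - A conference for designing security hardening | Hardening Project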