Episode 221: Biden Unmasked APT 40. But Does It Matter?

In this episode of the podcast (#221): Andrew Sellers, the Chief Technology Officer at QOMPLX joins us to unpack the revelations this week about APT 40, the Chinese group that the US has accused of a string of attacks aimed at stealing sensitive trade secrets. Also: is Salesforce the next SolarWinds? In our second segment, we continue our series on Left-Shifted Security with Waqas Nazir of DigitSec, a start up that helps secure Salesforce apps. The Biden Administration continued its forceful diplomacy on the issue of cyber security this week, with an announcement on Monday that named four Chinese nationals the U.S. says are responsible for a string of attacks on companies in the aerospace, biomedical, defense, healthcare, and manufacturing sectors, as well as academic research institutions.  Naming Names With APT 40 The announcement was just the latest by the U.S. government – dating back to the Obama Administration, and continued during the Trump Administration to name not only foreign governments responsible for disruptive cyber attacks (as with North Korea’s hack of Sony) but to specifically calls out individuals working on behalf of foreign governments, as with the six, Russian GRU officers named in a DOJ indictment related to the hack of the 2018 Olympics. Episode 211: Scrapin’ ain’t Hackin’. Or is it? It’s a tactic that experts note is designed as much as a message to foreign nations about the U.S.’s intelligence prowess as it is an effort to inform the public. But is the strategy working? And what can companies in sensitive industries do to protect themselves from incursions like those mentioned in the indictment? Andrew Sellers is the Chief Technology Officer at QOMPLX To answer those questions we invited Andrew Sellers, the Chief Technology Officer at QOMPLX* back into the studio to talk about the indictment. Andrew previously led enterprise network modernization and design efforts for the Air Force and large Department of Defense initiatives that included critical and global aspects of security architecture and information transport infrastructure. In this conversation, he and I talk about the limits of the U.S. government’s “name and shame” campaign, and we did into some of the tactics, techniques and processes used by APT 40, the chinese advanced persistent threat group believed responsible for the attacks.  Is Salesforce The Next SolarWinds? Salesforce.com on Wednesday announced that it completed its record $27 billion acquisition of Slack Technologies. The deal, which adds Slack’s digital messaging and collaboration platform to the Salesforce roster, is part of a Salesforce plan to create what CEO Marc Benioff called a “digital HQ that enables every organization to deliver customer and employee ...