Symantec reports another discovery in the Solorigate threat actors' armamentarium: "Raindrop," a backdoor used to drop Cobalt Strike.
The threat actors who stole COVID-19 vaccine documents appear to have altered them before releasing them online, the European Medicines Agency says. It appears to have been a disinformation effort aimed at undermining trust in the vaccines under development.
On Friday the US FBI renewed and updated a December warning about an Iranian campaign, "Enemies of the People," intended to exacerbate US domestic mistrust and division by "threatening the lives of US federal, state, and private sector officials using direct email and text messaging." The operation also involves menacing doxing.
“Enemies of the People” represents an extreme form of this tendency in influence operations. CyberScoop reports seeing a US intelligence assessment that claims Russian and Chinese services are using the Capitol Hill riot as an occasion for propaganda and disinformation.
The Bureau also warned of increased rates of vishing aimed at stealing corporate remote-access credentials, with a view to furthering privilege escalation. A common gambit is an invitation to log into a bogus VPN page. BleepingComputer observes that this is the second such alert the FBI has issued since the onset of the pandemic.
Federal authorities are also investigating whether a Pennsylvania woman stole a laptop or hard drive from US Speaker Nancy Pelosi's office during the Capitol Hill riots with the intention of selling it to Russian intelligence services. The Washington Post says the suspect is now in custody.