ESET has issued a report on a cyberespionage operation targeting charitable groups, diplomatic organizations, telcos, and others in Africa, Europe, and the Middle East. The threat actor is being called "Backdoor Diplomacy" for its use of the Turian backdoor and its preference for diplomatic targets. Turian appears to be a derivative of the Quarian backdoor, seen in earlier operations against targets in Asia. Backdoor Diplomacy is a cross-platform threat, afflicting both Windows and Linux systems.
Proofpoint yesterday released a study of a criminal group that styles itself “Fancy Lazarus,” specialists in extortion by distributed denial-of-service. It's a straightforwardly criminal group, despite its self-chosen APT-style name. Fancy Lazarus has a record of pretending to be a state service. It looks more menacing that way.
Game company Electronic Arts disclosed a breach yesterday. CNN reports cybercriminals claim to have taken 780 gigabytes of data from EA, including Frostbite game engine source code, which they're now offering for sale. There appears to be no threat to player privacy. To prospective buyers of the stolen code, the crooks say they'll be entertaining serious inquiries only.
The US Justice Department announced yesterday afternoon that an international law enforcement operation has taken down Slilpp, an underground marketplace where stolen login credentials were sold. The joint action by police in Germany, the Netherlands, Romania, and the United States seized the servers Slilpp used and the domains those servers hosted.
The Wall Street Journal reports that McDonald's operations in South Korea and Taiwan have sustained a data breach.