Microsoft said yesterday it had disrupted a major criminal enterprise that exploited multi-cloud infrastructure to deploy automated tools that staged a very large business email compromise scheme at scale.
The AP, building on work Group-IB issued late last week, reports that Chinese exploitation of Pulse Connect Secure (patched some time ago) was more extensive than previously believed. It remains unclear what data were extracted in the course of the attacks.
Secureworks describes the tactics of the Hades ransomware operators in a report out this morning. The researchers call the threat actor "Gold Winter," and they say the gang appears to be financially motivated. It's a "big game hunter" that finds and pursues high-value targets, notably in the North American manufacturing sector. Secureworks says its findings don't support others' conclusion that Hades is being run by the Chinese state-sponsored actor Microsoft calls "Hafnium," best known for its exploitation of vulnerable Exchange servers. Secureworks also disputes attribution of Hades to the Gold Drake gang. While Hades and WastedLocker share some similar code, Secureworks believes they're run by distinct threat actors.
CISA issued its weekly vulnerability summary yesterday evening. Eleven vulnerabilities were rated "high severity."
Poland's prime minister will hold closed-door sessions with members of parliament to discuss recent cyberattacks against high-profile government officials, the Washington Post reports.
Presidents Biden and Putin will meet in Geneva tomorrow for the long-anticipated Russo-American summit. Cybersecurity and Russian toleration of cybercrime are expected to figure prominently on the agenda, says the Guardian, but expectations remain modest.