TASS reports that a website belonging to Russia's Ministry of Defense was taken offline this morning by a distributed denial-of-service (DDoS) attack. According to Reuters, the attack was stopped and access restored in about an hour. Russian authorities attribute the attack to a "source outside the Russian Federation."
Facebook yesterday said it had disrupted an operation by the Iranian threat group Tortoiseshell, whose fake personae used Facebook in an initial catphishing approach to military personnel and people who work in the defense and aerospace sector. Most of the intended targets were in the US, with some in Europe. Tortoiseshell used Facebook to establish contact and trust, often with offers of employment assistance, eventually hoping to persuade its prospects to move the conversation to other channels, where the malware payloads were actually delivered. Tortoiseshell deploys RATs, reconnaissance tools, and keyloggers.
Also yesterday, the Microsoft Threat Intelligence Center reported on the activities of a "private-sector offensive actor." The company, which Microsoft assigned the name "Sourgum," sells governments intercept tools for monitoring the communications of journalists, dissidents, and others in official bad odor. Microsoft calls the intercept tool itself "DevilsTongue." Microsoft acknowledged the University of Toronto's Citizen Lab for its assistance in the investigation, and Citizen Lab identifies Sourgum as the Tel Aviv-based company whose original name was Candiru, and which now does business as Saito Tech.
Huawei is unlikely to receive a reprieve, as the present US Administration has, through the Commerce Department's Bureau of Industry and Security, reasserted its predecessors' strictures against the Chinese company, Fox Business reports.