Moneyweb reports that South Africa's Transnet has declared force majeure (and thus claimed relief from liability) in a letter to its customers, acknowledging that what was initially described as "disruption on an IT network" amounted to "an act of cyber-attack, security intrusion and sabotage." The letter explains, "Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage. Transnet is implementing all available and reasonable mitigation measures to limit the impact of this compromise." According to Bloomberg, operations at South Africa's six major container ports have been disrupted.
Sky News has obtained and published documents it believes represent planning by the Shahid Kaveh unit of Iran's Revolutionary Guard Corps for cyberattacks against ships and oil facilities. The documents also indicate an interest in satellite communication systems, especially as they're used in maritime operations, and in building control systems. Western firms, particularly companies in the UK, the US, and France, figure among the intelligence targets.
Kaseya yesterday responded to speculation that it had paid off the REvil gang to obtain a decryptor with a categorical denial that it had either paid ransom or negotiated with the extortionists. There's no word on the reasons for the non-disclosure agreement (NDA) that Kaseya asked customers to sign, which prompted much of the speculation that ransom had been paid, but, as experts interviewed by ZDNet note, there's nothing inherently nefarious about an NDA.
BlackBerry reports a trend: cybercriminals are using uncommon programming languages to help evade detection.