The SolarWinds campaign successfully hit accounts in twenty-seven US Attorneys' offices, the US Department of Justice said late Friday. Among the offices most affected were the Eastern, Northern, Southern, and Western Districts of New York, where 80% of employees' Office 365 accounts were compromised. The US has attributed the campaign to Russia's SVR.
While port services have resumed, the effects of the cyberattack on South Africa's Transnet continue to linger. Asiafruit reports that deliveries of fresh produce have been significantly disrupted, and Automotive Logistics sees shortages in auto parts.
The Record reports that extortionists who hit Electronic Arts (EA) last month failed either to get the game-maker to pay ransom or to find third parties willing to buy the files they stole. Last week criminals dumped some 751GB of EA data onto an underground forum, from where the data (game source code, mostly, not customer information) have circulated to various torrent streams.
The Record also thinks it sees a decline in double extortion (encryption to render data unavailable and threats to release the data if not paid) from December's highs. (ITPro speculated recently there may be signs the ransomware operators were growing a conscience; this strikes us as wildly Panglossian.) But the criminal market has shifted. With BlackMatter apparently picking up where DarkSide and REvil left off (see BleepingComputer), and DoppelPaymer rebranded as Grief (see Zscaler), the criminal-to-criminal market remains lively. Kela tracks the recent fortunes of initial access brokers in a report released this morning. It remains a hot subsector.