A cyberattack on Sunday took down COVID-19 scheduling capabilities in the Italian region of Lazio. CNN reports that local authorities say they'd received a general, non-specific ransom demand. Accounts are confusing, but it appears that the incident was a ransomware attack. Italian authorities have offered assurances that those who've already scheduled their vaccination should expect to be able to receive it on schedule.
Cybereason this morning described a major cyberespionage campaign against Southeast Asian telecommunications providers in five unnamed countries. The researchers identified three "clusters" of activity, run by SoftCell, Naikon, and (possibly) Emissary Panda. The operators exploited Microsoft Exchange vulnerabilities against telcos with a view to facilitating espionage against other, high-value targets. "These targets are likely to include corporations, political figures, government officials, law enforcement agencies, political activists and dissident factions of interest to the Chinese government."
AT&T Alien Labs has published a report on FatalRAT, which, as its name suggests, is a remote access Trojan. FatalRAT has recently spread through Telegram. Its capabilities include evasion, system persistence, keylogging, collection of system information, and exfiltrating data via encrypted command-and-control channels.
Microsoft warns of an unusually "crafty" phishing campaign currently in progress. The emails use "legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters."
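A defender-side check for the three From-header traits quoted above, as an added example that is not taken from Microsoft's report or from this briefing. The service name "FileDrop", all domains, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed allow-list: service name -> domains it legitimately sends from.
SERVICES = {"filedrop": {"filedrop.example"}}
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def from_header_findings(raw_message):
    """Return heuristic findings comparing the From display name with the real sender."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    sender_dom, shown = domain_of(sender), display.lower()
    findings = []
    # 1. Display name embeds an address whose domain differs from the real sender's.
    if any(m.group(1) != sender_dom for m in EMAIL_RE.finditer(shown)):
        findings.append("display-embeds-foreign-address")
    # 2. Display name carries the recipient's username or domain on external mail.
    #    Local parts shorter than 4 characters are skipped to limit false positives.
    for _, rcpt in getaddresses(msg.get_all("To", [])):
        local, _, rdom = rcpt.lower().partition("@")
        if rdom and rdom != sender_dom and (
            rdom in shown or (len(local) >= 4 and local in shown)
        ):
            findings.append("display-contains-recipient-identity")
            break
    # 3. Display name mimics a known service, but the sender is not on its domains.
    for name, domains in SERVICES.items():
        legit = any(sender_dom == d or sender_dom.endswith("." + d) for d in domains)
        if name in shown and not legit:
            findings.append("display-mimics-service")
    return findings

# Constructed sample messages.
SPOOFED = (
    'From: "FileDrop alice@contoso.example" <notify@mailer.example>\n'
    "To: alice@contoso.example\nSubject: File shared with you\n\nbody\n"
)
BENIGN = (
    'From: "Bob Smith" <bob@partner.example>\n'
    "To: alice@contoso.example\nSubject: Minutes\n\nbody\n"
)

if __name__ == "__main__":
    print(from_header_findings(SPOOFED))
    print(from_header_findings(BENIGN))
```

These are triage signals to combine with SPF, DKIM and DMARC results, not a verdict on their own.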
Recorded Future talked with someone claiming to represent BlackMatter, presumptive ransomware successor to REvil and DarkSide. BlackMatter attributes its predecessors' occultation to "the geopolitical situation."