UNC1151, a Russian threat group whose activities are tracked as "Ghostwriter," has been determined to have a much larger infrastructure and more extensive operations than previously believed. Prevailion, which announced its findings yesterday, says that it's unclear whether UNC1151 is a single organization, but that its infrastructure and the Ghostwriter campaign appear to have "an overarching theme and direction." Prevailion found eighty-one malicious domains "clustered with the activity" that had hitherto gone unremarked, which would make UNC1151's infrastructure about three times as large as earlier reports had reckoned it.
The LockBit operators have jumped the gun on their own deadline for the release of data stolen in their ransomware attack on Bangkok Airways, BleepingComputer reports. The gang also claims to have used credentials stolen from Accenture to access and encrypt files at an unnamed airport. That last brag, however, seems not to be true. As Accenture commented to Threatpost, "We have completed a thorough forensic review of documents on the attacked Accenture systems. This claim is false. As we have stated, there was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat actor, we isolated the affected servers."
Researchers at the Singapore University of Technology and Design have described a set of Bluetooth Classic protocol vulnerabilities collectively known as BrakTooth. The affected firmware is thought, the Record says, to be found in more than fourteen-hundred chipsets. The Register reports that BrakTooth's impact and severity vary considerably across different devices.