The Meris botnet-driven distributed denial-of-service attacks that organizations sustained over a week ago have proven surprisingly difficult to remediate. After a week of fitful, apparent recovery, banks in New Zealand continued to experience service disruptions through the weekend, the New Zealand Herald reports. KrebsOnSecurity, which was also affected for four days by the botnet, has an account of how Meris exploited vulnerable MikroTik devices to jam networks in several countries.
According to BleepingComputer, the REvil ransomware gang is back in operation, re-emerging without even a gesture in the direction of rebranding. Apparent spokesmen for the gang said they were "on a break."
Recorded Future reports that the Chinese cyberespionage unit Mustang Panda has compromised "the internal networks of at least ten Indonesian government ministries and agencies, including computers from Indonesia’s primary intelligence service, the Badan Intelijen Negara (BIN)."
North Korean cyber operators associated with the Kumsong 121 threat group are using a social media campaign as preparation for spearphishing and smishing attacks against South Korean targets, the Daily NK reports. Social media are used to establish rapport with the targets, who eventually are asked to review a column on DPRK affairs the attackers claim to have written. That document carries the malicious payload.
Over the weekend SITE Intelligence Director Rita Katz followed al Qaeda sympathizers writing in the online publication Wolves of Manhattan. They call for more attacks like those of 9/11, and are emboldened by the US withdrawal from Afghanistan, which they see as a validation of al Qaeda's original strategy.