ClearSky researchers outline cyber incursions they attribute to Lebanon Cedar (also called “Volatile Cedar”), a threat actor in Lebanon associated with the Hezbollah faction that operates from that country. The group is using a new version of the “Explosive” V4 RAT and the “Caterpillar” V2 WebShell, installed on vulnerable servers (Atlassian Confluence, Atlassian Jira, and Oracle Fusion Middleware) by exploiting CVE-2019-3396, CVE-2019-11581, and CVE-2012-3152. Many of the victims were telecommunications providers.
Microsoft has attributed the recently exposed long-con social engineering of vulnerability researchers to the North Korean group Microsoft calls “Zinc” and most others know as the Lazarus Group.
The Wall Street Journal reports that the threat actor (probably a Russian intelligence service) behind the SolarWinds supply chain compromise will touch a very large number of victims, only a minority of whom use the afflicted SolarWinds Orion platform. CRN quotes industry sources to the effect that there’s “no finish line” for cleaning up after this campaign.
After some retail investing platforms (notably the ironically named Robinhood) suspended, then resumed, trading in GameStop and a few other heavily shorted stocks, it remains unclear what, if anything, the self-organized social-media book-talkers did that was improper. Criticism of the trading suspensions in the US was surprisingly bipartisan, CNBC says, with left- and right-wing members of Congress joining in.
The US Government Accountability Office (GAO) recommends that the State Department rethink its plans for a cybersecurity bureau. It's not a bad idea, says the GAO, but Foggy Bottom needs to think its plans through.