Cybereason updates its account of Operation GhostShell, a cyberespionage campaign the firm's researchers described in July of this year. Among the discoveries they regard as particularly noteworthy are GhostShell's association with a hitherto unknown threat group, "MalKamak," believed to be operating in the interests of Iran, and MalKamak's deployment of the novel ShellClient RAT. MalKamak has been operating since 2018 at least.
BlackBerry's Research and Intelligence Team has linked China's APT41 to an ongoing campaign against espionage targets in India. The campaign is noteworthy for its use of COVID-19 or income-tax themed phishbait as it prospects its targets. BlackBerry credits earlier research by FireEye (now Mandiant) and Prevailion with setting them on the right track. (APT41 has gone by many names, including "Double Dragon," "Barium," "Winnti," "Wicked Panda," "Wicked Spider," "TG-2633," "Bronze Atlas," "Red Kelpie," and "Blackfly.")
Cybercriminals continue to follow niche fads. ESET describes how the currently shiny reputation of the new and highly volatile SafeMoon alt-coin has prompted criminals to use it as phishbait in a campaign designed to get the marks to download the Remcos RAT. Remcos itself occupies an increasingly familiar grey area: it has legitimate uses, but it's also widely employed by criminals for stealing credentials from a range of browsers, keylogging, webcam and microphone hijacking, and downloading further malware.
A former advisor to former US President Trump, Fiona Hill, told Congress it was unlikely Russia had any compromising material on the ex-president. Such ascendancy as President Putin achieved was open-source: an appeal to flattery.