On Wednesday Google's Threat Analysis Group (TAG) distributed an unusually high number of warnings to about 14,000 Gmail users, indicating that they may currently be targeted by a government cyberespionage organization. BleepingComputer and the Record report that the attempts have been attributed to APT28, that is, Fancy Bear, Russia's GRU. A TAG member, Shane Huntley, tweeted about the implications of such warnings: Google probably blocked the attempts, but you should take prudent steps to protect yourself now, because "you are a potential target for the next attack."
Mandiant yesterday released a report on FIN12, an "aggressive, financially motivated" ransomware gang noteworthy for its concentration on healthcare organizations. FIN12 concentrates on ransomware proper and hasn't followed the broader criminal trend toward double extortion. It's also a heavy user of initial access brokers hired in the C2C market.
NBC News reviews the current series of BlackMatter ransomware attacks against the US agricultural sector. Two Iowa-based grain cooperatives, Farmers Cooperative Company and the New Cooperative, and Minnesota-based co-op Crystal Valley are known to have been disrupted. The timing of the attacks is troubling, coming as they do around the time of the harvest. The affected organizations have been reticent about sharing information (in part due to concerns over potential litigation) and some speculate that there may be other, publicly undisclosed farming-sector victims.
Flashpoint researchers are tracking the resurgence of REvil in the Groove collective's criminal RAMP forum.
Twitch blogs that its attacker gained access via an error in one of its server configuration changes.