Iranian news services are calling the incident that disrupted fuel distribution in that country an Israeli cyberattack. Asharq al-Awsat reports that officials intend to release results of their investigation within a few days. In the meantime, Tehran has retaliated by doxing Israeli Defense Minister Benny Gantz and a number of Israeli soldiers. The Jerusalem Post says the doxing was accomplished by a threat actor calling itself "Moses Staff" (sic), and the Tehran Times suggests that more will be heard from Moses Staff as tension between Israel and Iran rises. Haaretz reports that Moses Staff has obtained Israeli troop deployment information.
Morphisec has released research into a new ransomware strain they're calling "Decaf." It's noteworthy for its use of the Go language, increasingly popular among cybercriminals. (Babuk, Hive, and HelloKitty are other ransomware tools written in Golang.) Decaf appeared in September and its development has continued into this month.
Proofpoint has identified a new criminal threat actor, tracked as TA2722, that impersonates agencies of the Philippine government in phishing operations designed to distribute Remcos and Nanocore remote-access Trojans. TA2722 targets shipping, logistics, manufacturing, business services, pharmaceutical companies, and energy providers. Victims have been found in North America, Europe, and Southeast Asia. ZDNet points out that the target selection poses a risk to already stressed supply chains.
The Green Bay Press Gazette reports that Schreiber Foods has recovered sufficiently from the ransomware attack it sustained to resume plant operations.
CISA has issued a fresh set of industrial control system security advisories.