China's Ministry of State Security (MSS) says that an unnamed foreign intelligence service accessed passenger travel records in 2020, The Record reports. A public statement by the MSS about a cyberespionage incident is unusual: naming and shaming hasn't been Chinese practice.
Naming and shaming is, of course, a common Western practice, and over the weekend Palo Alto Networks' Unit 42 released a description of a targeted cyberespionage campaign against ManageEngine ADSelfService Plus. The vulnerability being exploited is the same one, Palo Alto says, that the Cybersecurity and Infrastructure Security Agency (CISA) warned about on September 16th, but the campaign itself is distinct from the efforts cited in CISA's alert. In the case Palo Alto describes, the payload installs a Godzilla webshell and, in some cases, an NGLite backdoor. The researchers also detected deployment of an uncommon credential stealer, KdcSponge. Attribution remains preliminary and circumstantial, but Palo Alto Networks thinks the tactics, techniques, and procedures look a lot like those used by the Chinese espionage group Threat Group 3390 (also known as APT27, Emissary Panda).
The Conti gang, who stole and dumped personal information from the upscale London jeweler Graff, now says they're sorry. Not sorry in general, just sorry for stealing Arab royalty's personal data. They still intend to expose the "US-UK-EU Neo-liberal plutocracy," but Conti said, Vice reports, that "Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience."