In an apparent effort to up their offensive cybersecurity game, the Daily Beast reports, North Korea's Lazarus Group is phishing Chinese security researchers. CrowdStrike reads the campaign as aimed at obtaining new attack tools that can be used for the financially motivated hacks Pyongyang uses to address the pariah regime's chronic fiscal shortfalls.
The Rockethack group, which Trend Micro researchers track as Void Balaur, is an increasingly important player in the C2C market, CSO writes in an overview of the gang. Void Balaur is unusual in that it both advertises in Russophone criminal circles and hits Russian targets.
It's Thanksgiving weekend in the US, and the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory reminding organizations (and in particular their "critical infrastructure partners") to be especially vigilant during the holiday season. Organizations should be on the alert for phishing scams, fraudulent sites spoofing reputable businesses (it is possible malicious actors will target sites often visited by users doing their holiday shopping online), and unencrypted financial transactions.
CISA has also issued an "Infrastructure Dependency Primer" intended to help state and local governments in particular improve their resilience by understanding and planning for the ways in which dependencies shape risk.
The US Securities and Exchange Commission (SEC) warned late Friday of spoofed communications that appear to come from the SEC but in fact originate with scammers. The communications arrive in many modalities, including phone calls, voicemails, emails, and even physical letters.