Presidents Day may be history, but our Presidents Day sale is still a current event, with an opportunity to accelerate your cybersecurity awareness and education. For this week only, subscribers to our Daily Briefing and the Week That Was can enjoy 40% off on their first year of an annual CyberWire Pro subscription. That includes exclusive content, live event participation, and access to our extraordinary archives, all within one clean platform. This offer expires on February 19th and is for new customers only. Visit the CyberWire Pro page, select Annual Subscription, and enter code YDHVORO22L during checkout.
Do you know if your organization should be worried about advanced persistent threat actors, cyber criminals, or hacktivists? Do you know the different capabilities or attacks each group might use? LookingGlass can help you build customized, evolving threat models to assess cybersecurity threats that your organization could actually face and inform which cyber investments would improve your defenses. Find out how you can build tailored threat models in our white paper.
Lightning & Thunder in Amsterdam. Microsoft concludes Solorigate inquiry. Threat actors at work on new Macs. Lessons from ice.
The Netherlands Times reports that an investigation by Bitdefender (in cooperation with the radio news outlet Argos) has uncovered a large cyberespionage operation, apparently Iranian in origin, that has managed to establish its infrastructure in two Amsterdam data centers. The basic malware, "Foudre" ("lightning" in French), was identified in 2016 and has been active for about a decade. It has added new command-and-control capabilities as well as a new component, "Tonnerre" ("thunder"), for persistence, surveillance, and data exfiltration. The operation appears to target devices in the Netherlands, Germany, Sweden, and India.
Microsoft published what it calls its “final update” on Redmond’s internal investigation of Solorigate yesterday. They found no evidence that threat actors gained access to either production servers or customer data, and concluded that Microsoft systems weren't used to attack third parties. They did find signs that intruders were able to inspect some code repositories for Azure cloud identity and security programs, for Exchange, and for Intune mobile management.
ESET reports that threat actors have begun to work on Apple's new Silicon M1 Macs, introduced about a month ago and equipped with Apple's in-house chips. Red Canary calls the "activity cluster" "Silver Sparrow," and says it lacks a payload.
The Texas winter storms aren't, of course, a cyber incident, but they may hold lessons for business continuity and recovery planning against the possibility of cyberattacks on power grids. In this case, according to the Wall Street Journal, a number of data centers have done fine, but the storm's been harder on humans than machines.
Today's issue includes events affecting Canada, China, Estonia, the European Union, Finland, France, Germany, India, Iran, the Democratic People's Republic of Korea, the Netherlands, Norway, Russia, Singapore, Sweden, the United Kingdom, and the United States.