Amnesty International reports that Vietnam’s Ocean Lotus cyber intelligence group is surveilling dissidents in a renewed spyware campaign.
Canadian aircraft manufacturer Bombardier yesterday disclosed that it suffered a “limited” data breach accomplished through a third-party file-sharing application. Some “personal and other confidential information relating to employees, customers and suppliers was compromised,” the company said. Bombardier didn’t identify the third-party application through which the breach was accomplished, but others have called it Accellion’s FTA. ZDNet and the Register both report that the Clop ransomware gang posted what appear to be Bombardier design documents on its leak site.
A joint advisory from authorities in Australia, New Zealand, Singapore, the UK, and the US outlines the risks of the Accellion FTA compromise and recommends risk mitigation measures.
Yesterday’s hearings before the US Senate Select Committee on Intelligence outlined the scope of the SolarWinds hack. Reuters characterizes the testimony of the four companies that appeared—SolarWinds, Microsoft, FireEye, and CrowdStrike—as apologia for their handling of the incursion. Seeking Alpha says CrowdStrike singled out Microsoft Windows’ “antiquated” authentication architecture as enabling the cyberespionage campaign. According to MarketWatch, Microsoft itself reiterated its belief that the Russian operation involved over a thousand software engineers. And Nextgov says SolarWinds recommended more liability protection.
RiskIQ reports on the activities of “Turkey Dog,” a criminal operation that’s targeting Turkish-speaking victims with the Cerberus and Anubis banking Trojans.