Proofpoint this morning released a study of a Chinese People's Liberation Army threat actor ("TA413") that has deployed a malicious Firefox browser extension, "FriarFox," in a surveillance campaign directed against Tibetans. TA413 has also used Scanbox and Sepulcher malware in its operations so far this year. The unit's targets include Tibetan groups, both within Tibet and in the Tibetan diaspora. Proofpoint assesses TA413's toolset as "technically limited," but quite effective against dissident communities that present a "low barrier to compromise." The campaign also suggests a shift toward more open-source tools on the part of the PLA.
Ukraine's National Security and Defense Council has accused Moscow of compromising a Ukrainian government file-sharing system, the System of Electronic Interaction of Executive Bodies (SEI EB), BleepingComputer reports. ZDNet thinks the group responsible is Gamaredon, a group widely regarded as a proxy for Russian intelligence services. Cisco Talos research suggests that Gamaredon is also a mercenary player in the criminal-to-criminal market.
The text of a US House bill whose stated purpose is the enhancement of cyber diplomacy is now available. The proposed measure would make it "the policy of the United States to work internationally to promote an open, interoperable, reliable, unfettered, and secure Internet governed by the multi-stakeholder model." That policy would promote human rights, democracy, the rule of law (including freedom of expression), innovation, communication, and prosperity; it would also respect privacy and work against "deception, fraud, and theft." The legislators have Russia and China in view, as the draft's "Findings" clearly indicate.