Charming Kitten, also known as Phosphorus or TA453, the well-known threat actor associated with Iran’s Islamic Revolutionary Guard Corps, has resurfaced in a cyberespionage campaign directed against Israeli and US medical researchers. Proofpoint researchers conclude that the current campaign (“BadBlood”) is phishing for credentials belonging to geneticists, neurologists, and oncologists. The campaign uses emails spoofing communications from Israeli scientists. Proofpoint is confident in its conclusions, but also admits that, as is often the case, attribution is based on circumstantial evidence.
POLITICO reports that Russia’s Holiday Bear successfully accessed US State Department emails. Dark Reading has a summary of the current state of knowledge about the Sunburst exploitation of SolarWinds’ Orion platform. The US is still considering its options with respect to response, retaliation, defense, and deterrence in what the Atlantic Council characterizes as a “strategic failure.”
According to Stuff, New Zealand's intelligence and security agencies have released guidance to politicians and academics on recognizing and fending off foreign influence operations. The advice is intended to be generally applicable, and does not call out particular states, since "The foreign states conducting espionage or interference against New Zealand change over time."
Akamai warns that volumetric distributed denial-of-service attacks are increasing in frequency and severity. Some of the larger attacks recently observed have been conducted in connection with criminal extortion attempts.
BleepingComputer reports that WannaCry ransomware is back, and undergoing a minor resurgence.
Reuters says that the US Federal Communications Commission has called for tougher measures to exclude Chinese hardware from US networks.