DomainTools has a rundown on how threat actors continue to use COVID-19-themed phishing against a wide range of targets. They’re following one campaign which delivers “a decoy document to the user which leverages a signed binary and a modified DLL to execute a Cobalt Strike Beacon payload.” Some of the activity is suggestive of Goblin Panda, a threat group aligned with the Chinese government that’s collected actively against Southeast Asian targets (especially Vietnam).
Ubiquiti has confirmed it was the victim of an extortion attempt in January, the Record reports, but the IoT shop hasn’t commented on whether personal data or source code were compromised. SecurityWeek notes that Ubiquiti shareholders have taken a bath after the incident came to light, with its stock price falling from $350 on March 31st to $290 yesterday.
The Accellion compromise continues to affect users of the company’s File Transfer Accessory (FTA), with a wave of universities reporting data breaches. The Clop ransomware gang (also tracked as the possibly distinct but associated threat actor UNC2582) is leaking stolen information. Student, faculty, and staff data at Stanford, the Harvard Business School, the University of Maryland Baltimore (Maryland’s medical school; the Baltimore Sun says the university’s other units didn’t use FTA), and the University of California (at least Berkeley and Davis) have been affected. Some individuals have received ransom notes.
Be on the lookout for Aleksandr Yuryevich Korshunov, an SVR officer wanted by the FBI for conspiracy to commit theft, and attempted theft, of trade secrets.