Kaspersky researchers describe a new and in their view sophisticated remote access Trojan being used in a Chinese cyberespionage campaign against Vietnamese military and other government targets. Threatpost reports that the malware used, “FoundCore,” is unusually evasive, and that it’s associated with the Cycldek threat actor (a.k.a. APT27 or Goblin Panda).
The Molerats are back, and continuing to catphish for Israeli military personnel, SecurityWeek reports. Researchers at Cado Security say that the Palestinian-associated group is using voice-changing software to pose as women seeking to approach IDF personnel.
According to Bloomberg, several European Union bodies came under cyberattack last week. Who precisely was affected is unclear, as is the threat actor responsible, but a European Commission representative said that “Thus far, no major information breach was detected.” The incident remains under investigation.
Data allegedly scraped from some five-hundred-thousand LinkedIn profiles are being offered for sale in a hacking forum, with two-million records displayed as confirmation that the sellers have the goods they say they do, CyberNews reports. It’s unclear whether the data are fresh caught or simply represent an aggregation of information obtained earlier.
Facebook has published a commentary on the recent dump of its users’ data: its systems weren’t compromised; rather the data were obtained through scraping.
Check Point describes Android malware that misrepresents itself as a Netflix content-enabler, “FlixOnline.” It’s distributed via malicious auto-replies to incoming WhatsApp messages, and, once installed, enables the attacker“to distribute phishing attacks, spread false information or steal credentials and data from users’ WhatsApp accounts.”