A large distributed denial-of-service (DDoS) attack yesterday hit Belnet, the ISP that serves much of Belgium's public sector. Belnet has since restored service. Computing notes that the attack caused the cancellation of several Parliamentary meetings, because the denial of service prevented the meetings from being streamed to external participants. Among the sessions disrupted was a hearing before the Foreign Affairs Committee that would have heard testimony on human rights in China's Xinjiang Uyghur Autonomous Region. Attribution would be premature, but this context has prompted speculation about the possibility of Chinese cyber operations.
FireEye's Mandiant unit has identified three new malware varieties in a phishing campaign operated by a group it tracks as UNC2529, probably a criminal gang working for a direct financial take. The researchers call the group "capable, professional, and well resourced," and say that it researched its targets closely and tailored its phishbait to the intended catch. FireEye named the new malware families "Doubledrag" (a downloader), "Doubledrop" (a dropper), and "Doubleback" (a backdoor).
Symantec describes the ways in which threat actors respond to improved security, in this case the widespread adoption of two-factor authentication. The researchers point out that one thing the recent SolarWinds compromise, the Microsoft Exchange Server ProxyLogon attacks, and the exploitation of vulnerabilities have in common is that they obviate the need to defeat multifactor authentication.
Disinformation isn't just for information warfare. Crunchbase observes that disinformation can hit businesses, too, harming brand reputation. This can occur in the context of stock shorting, short-squeezes, pump-and-dump scams, or even unfortunate "influencer" engagements.