At a glance.
- Gootloader uses blogging and SEO poisoning to attract victims.
- Metador: a so-far unattributed threat actor.
- An unidentified threat actor deploys malicious NPM packages.
- A large-scale pay card theft operation.
- The GRU's close coordination with cyber criminals.
- Cyber mercenaries.
- CISA issues three ICS Advisories.
Gootloader uses blogging and SEO poisoning to attract victims.
Deepwatch describes how Gootloader uses well-planned and targeted blogs (with translation services and suggested links) in a search-engine-optimization (SEO) poisoning campaign. The operators appear to be trawling for users interested in topics related to "government, legal, healthcare, real estate, and education." Geographically, many countries are targeted, but most attention seems to be paid to the Five Eyes: Australia, Canada, New Zealand, the United Kingdom, and the United States. The operation looks like one run on behalf of a nation-state intelligence service, but Deepwatch offers no attribution.