At a glance.
- Billbug cyberespionage threat actor compromises certificate authority.
- Vulnerabilities affect Zendesk Explore.
- Fangxiao works ad scams.
- Killnet claims to have defaced a US FBI site.
- CISA registers another Known Exploited Vulnerability.
- Difficulties with Twitter's SMS 2FA system.
Billbug cyberespionage threat actor compromises certificate authority.
Symantec has found that a Chinese state-sponsored threat actor compromised a digital certificate authority in an unnamed Asian country. The threat actor also compromised government and defense agencies in several Asian countries. The threat actor, which Symantec (a unit of Broadcom) tracks as “Billbug” (also known as Lotus Blossom or Thrip), probably intended to use the compromised certificate authority to sign its malware files. Billbug is likely motivated by espionage, and it has been seen before: Symantec noted in 2019 that Billbug is based in China, and its primary goal appears to be espionage. For more on Billbug's recent campaign, see CyberWire Pro.