At a glance.
- Chinese cyberespionage reported against Iran.
- DNV recovering from ransomware.
- Other attacks against industrial systems.
- CISA adds to its Known Exploited Vulnerability Catalog.
- CISA releases four ICS advisories.
- A side-effect of Russia's war: a drop in paycard fraud.
- The persistence of nuisance-level hacktivism.
Chinese cyberespionage reported against Iran.
Palo Alto Networks’ Unit 42 has published a report describing “Playful Taurus” (also known as APT15 or Vixen Panda), a Chinese threat actor known for carrying out cyberespionage campaigns against government and diplomatic entities around the world. In this case, Playful Taurus is targeting government entities in Iran with a new version of its Turian malware. The threat actor appears to have compromised the networks of at least four Iranian government organizations, including Iran’s Ministry of Foreign Affairs. The new version of the threat actor’s malware includes “some additional obfuscation and a modified network protocol.” For more on Playful Taurus, see CyberWire Pro.