Top stories.
- Researchers outline a years-long Russian campaign targeting the energy sector.
- New Android malware integrates with Play Store apps.
- Texas sues TV manufacturers over data collection.
Researchers outline a years-long Russian campaign targeting the energy sector.
Amazon's threat intelligence team has published a report on a years-long Russian state-sponsored campaign targeting critical infrastructure around the world, with a particular focus on the energy sector in Western nations. The researchers attribute the activity with high confidence to Russia's Main Intelligence Directorate (GRU), noting overlaps with the GRU's Sandworm group.
The researchers call the campaign "a significant evolution in critical infrastructure targeting," due to "a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined." Amazon notes, "This tactical adaptation enables the same operational outcomes, credential harvesting, and lateral movement into victim organizations’ online services and infrastructure, while reducing the actor’s exposure and resource expenditure."
New Android malware integrates with Play Store apps.
iVerify warns that a new Android malware-as-a-service offering called "Cellik" allows threat actors to easily create Trojanized versions of popular apps. The researchers explain, "One of Cellik’s most problematic features is its integration with Google Play and an automated APK builder for malware distribution. Through its control interface, an attacker can browse the entire Google Play Store catalogue and select legitimate apps to bundle with the Cellik payload. With one click, Cellik will generate a new malicious APK that wraps the RAT inside the chosen legitimate app. This means a cybercriminal can take a popular app (like a game or utility that targets are likely to install), insert Cellik’s code into it, and repackage it as an installer, all using Cellik’s built-in toolkit."
Texas sues TV manufacturers over data collection.
The state of Texas has filed lawsuits against Samsung, LG, Sony, Hisense, and TCL, alleging that their televisions unlawfully collect users' personal data through Automated Content Recognition (ACR), Ars Technica reports. ACR is software that takes screenshots of users' displays every half-second. This data is collected by the TV makers and sold to third parties for targeted advertising.
Texas Attorney General Ken Paxton said in a press release, "This conduct is invasive, deceptive, and unlawful. The fundamental right to privacy will be protected in Texas because owning a television does not mean surrendering your personal information to Big Tech or foreign adversaries." Paxton made special mention of China-based Hisense and TCL, noting that the privacy concerns "are exacerbated by China’s National Security Law."
