Late December's cyber attack on a Ukrainian electrical utility has been linked to a variant of the BlackEnergy Trojan long disseminated by the "SandWorm" threat actors. The attack produced rolling blackouts in Western Ukraine, but ESET researchers believe the operation sought to affect a much wider area than a single oblast: they've found the malware in at least two other utilities' networks.
The attack was accompanied by a flood of calls to utility support centers, effectively distracting responders through misdirection and some telephony denial-of-service. BlackEnergy includes both persistence and file destruction functionality.
Ukraine's SBU security service unambiguously blames Russia for the operation (the Kremlin has not commented), and Western observers tend to agree. The nature of the attack, ongoing tension between Ukraine and Russia, and the absence of an obvious criminal motive strongly suggest state activity. Coming after the revelation of Iranian reconnaissance of a small New York State dam's control system, this attack exacerbates concerns about infrastructure cyber vulnerabilities.
Hackers DDoS the Saudi Ministry of Defense to protest a leading Shiite cleric's execution. (Iran says the hackers are Saudi Shiites.)
As authorities hunt for "Jihadi John," the latest murderous online face of ISIS, the case for Daesh's effective use of crypto strikes observers as increasingly weak.
PlayStation succumbed to a DDoS attack last night (responsibility claimed by the PhantomSquad skids).
Emsisoft reports finding new Java-based ransomware, "Ransom32." It's evasive and works across several operating systems.
Cisco Jabber is vulnerable to man-in-the-middle attacks. No patch or workarounds are as yet available.