CyberHunta, thought to be Ukrainian hacktivists, dox Putin consigliere Vladislav Surkov, releasing emails that indicate Surkov's connections with Russian separatists fighting inside Ukraine. The Russian government has long denied such support, but vanishingly few observers believe those denials. President Putin says the emails are fabricated: "Surkov doesn't use electronic mail."
The French government looks at ongoing US experience with online political meddling (which the US has ascribed to Moscow) and warns its own candidates that they should expect to be on the receiving end of similar ministrations.
US intelligence sources say ISIS continues to seek to inspire attacks online from its Syrian headquarters in Raqqa. Vectra Networks says it's found an extensive cyber espionage campaign, "Moonlight," operated by Hamas against unnamed Middle Eastern targets.
Dyn offers more results of investigation into the distributed denial-of-service attack it sustained last week. It confirms that it was a Mirai botnet and that about 100 thousand devices were implicated (fewer than earlier estimates had put the number). The attackers used masked TCP and UDP traffic across Port 53; they also employed recursive DNS retry traffic. Investigation of the Dyn attacks is ongoing; Dyn won't speculate about attackers or their motives.
Analysts warn that more attacks like this can be expected; Singapore's StarHub already experienced them on Saturday and again on Monday. Correro reports observing exploitation of Lightweight Directory Access Protocol (LDAP) to amplify DDoS attack traffic over the weekend. The company warns that LDAP exploitation combined with a Mirai botnet could prove extremely serious.