ClearSky and Trend Micro release the results of their research into CopyKittens, which they characterize as a cyberespionage group operating from and on behalf of Iran. The CopyKittens have been operating since at least 2013; their interests are consistent with nation-state strategic intelligence objectives: legislative bodies, foreign and defense ministries, the defense and aerospace industry, academic research institutes, and so on. The nations principally targeted include Israel, Saudi Arabia, Turkey, the United States, Jordan, and Germany. Some recent high-profile victims have been Germany's Bundestag and the Jerusalem Post. The group uses DNS for both command-and-control communications and data exfiltration. ClearSky and Trend Micro call CopyKittens' latest campaign "Wilted Tulip."
Another user configuration error exposes cloud data. This time it's Google Groups, not AWS. RedLock finds that "hundreds" of enterprises have left their information out for inspection; the problem seems to arise from the casual choice to make groups "public on the internet."
Criminals have hit another Ethereum initial coin offering. On Sunday about $8.4 million in VERI tokens were stolen from Veritaseum's ICO.
After last week's theft of $32 million in Ethereum cryptocurrency via a flaw in the wallets' contract, the White Hat Group said they intended to "rescue" and return Ether exposed to the same vulnerability. We were skeptical, but our skepticism was misplaced: apparently the White Hat Group is proving as good as its word. Motherboard reports that the White Hat Group obtained control of about $208 million in Ethereum assets, and will finish returning the funds Monday.