BadRabbit's odd behavior—sophisticated, noisy, and brief—may have an explanation: it appears the campaign was misdirection. Ukrainian police have told Reuters that the same threat actor behind the ransomware campaign (Ukraine believes this to be the same Russian security service responsible for NotPetya) operated a quiet phishing campaign during BadRabbit's activity. The goal, investigators think, was to obtain undetected remote access to financial and other confidential data.
The AP publishes what it characterizes as a "hit list" (a long list of hacking targets, not of people marked for assassination) comprising Fancy Bear's persons of interest. It goes far beyond Fancy's notorious interest in the Clinton campaign and, indeed, far beyond US targets. Aerospace and defense sector workers are on it, as are political figures from both parties, the Papal nuncio to Kiev, and the Ukrainian officer who wrote that Android gunnery app whose compromise CrowdStrike investigated late last year. (Fancy Bear is widely believed to be a unit of Russia's GRU.)
US prosecutors have identified six Russians allegedly involved in the DNC hack. Indictments are expected early next year.
Skyhigh Networks warns of "GhostWriter," in which misconfigured Amazon Web Services S3 buckets are not only exposed to public view, but can also be exploited in man-in-the-middle attacks. About 4% of the buckets accessed from within enterprise networks are thought to be susceptible to GhostWriter.
The more familiar problem of data loss from AWS S3 misconfiguration persists. Nearly 50 thousand Australians recently had their information exposed, as did 2.2 million Dow Jones customers.