Observers continue to digest Trend Micro's report that Pawn Storm—that is, Fancy Bear, in all probability Russia's GRU military intelligence service—intruded into networks associated with French presidential candidate Emmanuel Macron. Trend Micro points out that the phishing approach used involved OAuth abuse, a technique many normally security-aware victims might not easily recognize. Some bogus news stories have suggested Macron was bought-and-paid-for by the Saudis, but what, if anything, Fancy Bear got from the campaign's emails is unknown, since none of the take appears to have been used so far. Experts commenting on this and other election hacks point out that what's important here is the influence operations and not so much the technical "hacking." Effective counter-messaging would be the right response.
Recorded Future sees signs that both Russian and Chinese criminal gangs are busily at work on the ShadowBrokers' recent dump.
AlienVault has been working through the sophisticated Felismus remote-access Trojan discovered earlier by Forcepoint researchers. Felismus ("catmouse," in not particularly good Latin, so called because of an homage to Tom and Jerry cartoons in the encryption key) is modular and evasive. It's also probably not written by a native speaker of English. But what the authors are up to remains obscure.
The cyber conflict that gutters continually in South Asia has flared again, as the Pakistan Haxors Crew defaces Indian university websites with pro-Pakistani messages promising "Kashmir will become Pakistan!" The vandalism is said to be a response to an Indian hacktivist attack against the Pakistani Railways website.