ThreatConnect reviews the circumstantial evidence that Emmanuel Macron's campaign for France's presidency was indeed phished by Fancy Bear (Russia's GRU). The campaign itself has confirmed that it sustained phishing attempts, but says that no data were lost. Observers are watching for leaks timed before the second round of the elections, May 6th and 7th.
The same group is thought responsible, on the strength of similar circumstantial evidence, for phishing attempts directed against think tanks affiliated with the parties in Germany's coalition government: the CDU's Konrad Adenauer Foundation and the SPD's Friedrich Ebert Foundation.
Chinese and Russian criminal organizations continue to pick through ShadowBrokers' recent dump as they look for tools they can exploit in the wild.
Israel's government takes the unusual step of reporting that it sustained and stopped a cyberattack mounted by an unnamed foreign state. The disclosure may be related to ongoing controversy over a proposed cybersecurity law.
Sudan's government is employing a hacking group called "Electronic Jihad" against ISIS; critics see a collateral effect on dissidents in general.
Both Symantec and Verizon have released major threat studies, and they highlight two trends: the growing popularity of ransomware among criminals, and the very significant rise in cyberespionage by nation-states.
RiskIQ describes NoTrove, an ad spammer whose large-scale efforts are the bad money driving the good money from online advertising. Check Point warns of another quiet botnet, "FalseGuide," infesting Android devices—some 600,000 of them, it estimates—with adware.
Webroot yesterday fixed the bug that flagged Windows as malicious.