We're happy to announce that you can now become a CyberWire Patron. People ask us (a lot) how they can support what we do, and now there's a new and affordable way to become part of the CyberWire story. You can help us deliver the news by becoming a patron today. As always, thanks for reading and listening.
The Cybersecurity Canon. Election influence operations continue unabated. The curious story of Google Docs phishing. Snake slithers toward Mac OS. Extortionists can now hire Fatboy.
French voters will elect their next President this weekend, and the election's final week has been roiled by accusations that Marine LePen's campaign "colluded" with Russia. In Germany, which will hold its federal elections on September 24, Hans-Georg Maassen, director of the domestic intelligence service Bundesamt für Verfassungsschutz (BfV), warns that his agency has seen a marked increase in Russian cyberespionage directed at influencing the elections. WIRED takes a look at what US sanctions did to slow down election-focused Russian cyberespionage and concludes that they accomplished essentially nothing.
Those interested in the historical continuity of Cold War espionage and propaganda with current cyber and influence operations will find the National Security Archive's Cyber Vault Highlights, just published by George Washington University, worth consulting.
The Google Docs worm phishing campaign takes an odd turn. Someone claiming to be a student at Coventry University (Bleeping Computer calls him "some Twitter dude") says he was responsible, and that it wasn't really an attack, just a test. He identifies himself as "Eugene Pupov," but Coventry University says they've never heard of him. There are other grounds for skepticism—the Twitter account @EugenePupov was registered simultaneously with the attacks, and the picture associated with it was of another Pupov entirely. Whoever's behind the incident, observers think OAuth abuse likely to continue.
Snake malware (a.k.a. Turla, Agent.BTZ, Uroburous) is getting an upgrade: FoxIT thinks it's being prepared for use against Mac OS targets.
Recorded Future describes "Fatboy," a new ransomware-as-a-service offering on a Russian-language criminal forum.
Today's issue includes events affecting China, European Union, France, Germany, Republic of Korea, Russia, Taiwan, Ukraine, United Kingdom, and United States.