Cisco's Talos research unit yesterday reported its discovery of VPNFilter, modular and stealthy malware that has assembled a botnet of some five hundred thousand devices, mostly small-office and home routers and network-attached storage devices, with a notable concentration in Ukraine. There's considerable code overlap with the BlackEnergy malware previously deployed in attacks against Ukrainian targets, and the US Government has attributed the VPNFilter campaign to the Sofacy threat group, a.k.a. APT28 or Fancy Bear, which is associated with Russia's GRU military intelligence service.
Ukrainian cybersecurity authorities think, and many others agree with them, that Russia was gearing up a major cyberattack to coincide with the UEFA Champions League final scheduled for this Saturday in Kiev, in the weeks before Russia hosts the World Cup. They also think it possible an attack could be timed for Ukraine's Constitution Day, June 28th.
The US FBI has seized a key website used for VPNFilter command-and-control, which US authorities hope will cripple the campaign. The Justice Department says that VPNFilter could be used for "intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities."
Dragos has an update on XENOTIME, the threat actor behind the TRISIS malware used to disable a Schneider Electric Triconex safety instrumented system (SIS). The TRISIS attack last December disrupted operations at a Middle Eastern petrochemical facility. Targeting safety systems, whose purpose is to bring a process to a safe state before it can injure people or damage equipment, represents a dangerous escalation. Dragos is moderately confident that XENOTIME will prepare further campaigns.
GDPR comes into full effect tomorrow, attended by much advice for enterprises.
A US Federal court says President Trump can't block you from his Twitter feed.