McAfee describes an assault on certain high-profile Twitter accounts that's been claimed by Turkish pro-government hacktivist group Ayyildiz Tim. The attackers compromised accounts belonging to influential persons at the World Economic Forum, the UN, and Fox News to send the compromised accounts' contacts direct messages that either evinced support for Pakistani and Turkish causes or phished for account credentials.
RiskIQ reports another phishing campaign, but in this case Turkish enterprises are the victims. An unidentified espionage operator has been prospecting Turkish defense contractors with malicious email attachments that carry the Remcos RAT. Remcos performs a typical array of spyware functions (keylogging, screenshot capture, audio and video recording) as well as common RAT functionality permitting it to manage files and programs. One unusual capability: SOCKS5 proxying, which lets the controller turn victims into network proxies, thereby hiding its real command-and-control server.
Pyongyang is staying busy. Trend Micro reports that the Lazarus Group has evolved toward the use of PowerShell scripts in its ongoing cryptocurrency theft campaign. And Metrolinx, an Ontario transit company, disclosed that it was hit by a North Korean cyberattack. The organization says the attack was routed through Russia, and that neither customer privacy nor safety was compromised, but beyond that it cites security and declines to provide further information.
New Satori variants are said to be out, with fresh botnets.
Her Majesty's Government announces its intent to form a new organization whose mission will be to combat disinformation. Britain's new National Security Communications Unit will operate from the Cabinet Office.