Proofpoint describes a new, modular remote access Trojan, “tRAT,” distributed by the criminal group familiar from its involvement in the notorious Dridex campaigns. tRAT is distributed by social engineering: phishing emails with malicious Microsoft Word documents attached.
A cyberespionage campaign against engineering and maritime targets in the UK has been traced by Recorded Future to a Chinese threat actor, known variously as “TEMP.Periscope” and “Leviathan.” The group makes interesting use of techniques apparently repurposed from the Russian threat actors DragonFly and APT28 (that is, Fancy Bear, the GRU) (SecurityWeek).
The HookAds malvertising campaign is actively redirecting victims to the Fallout exploit kit (BleepingComputer).
The implausible but depressingly effective Bitcoin-based advance-fee scam (as in, “send us a Bitcoin and we’ll send you ten in return”) has assumed new forms, with major brands’ Twitter accounts being hijacked or spoofed to convince the unwary. Target and Google are among those major brands (Naked Security, Graham Cluley).
Bitcoin itself has seen its price crash below $6000 on trading markets this week, as speculators apparently fear a coming fork (TechCrunch).
Nigeria’s new Cyber Command, staffed by technically proficient military officers, is expected to help with counter-terrorism. The government also hopes the young organization will take a toll on the country’s organized cybercriminals. That won’t be easy—the gangs are a deeply rooted subculture (TechNative).
Fancy Bear says the DNC can’t sue them (ABC).