We're excited to announce that our 5th Annual Women in Cyber Security reception (#cyberwomenconnect) will be held October 18th, 2018, in the new International Spy Museum at L'Enfant Plaza in Washington, DC. To sponsor the event or request an invitation, go here.
Operation Parliament: sophisticated spies pose as skids. Sinkholing EITest. Facebook testimony wraps. Estonia reports on 2017.
Kaspersky describes "Operation Parliament," a wide-ranging cyberespionage campaign that, since early 2017, has cloaked its activities by pretending to be the Gaza Cybergang, a well-known and not well-respected group of skids. The actor behind Operation Parliament appears anything but unsophisticated. The malware it used is still under study, but it does not appear to have any obvious relationship with previously seen attack code. Targets were carefully verified before infection, and Kaspersky says the unidentified operators did "just enough to achieve their goals." Most of the organizations targeted were in the Middle East and North Africa, but infections extended to Europe, South Korea, and North America as well. The campaign has slowed since the beginning of 2018, suggesting the spies got what they came for.
Proofpoint has successfully sinkholed what they call the oldest running infection chain: EITest. They say the campaign, active since 2011, seems to have been "purely criminal" as opposed to state directed. The large network of compromised servers it used (about 51 thousand), and its concealment of command-and-control infrastructure behind a domain generation algorithm, made EITest unusually resistant to takedown. EITest passed "filtered, high-quality traffic to threat actors operating exploit kits and web-based social engineering schemes."
Facebook's sessions before Congress are over, with House inquisitors getting higher marks from the media than did their Senate counterparts.
Those interested in seeing how a small country punches far, far above its weight in cyberspace will find the Estonian Internal Security Service's newly released Annual Report for 2017 good reading.
Today's issue includes events affecting Afghanistan, Canada, Chile, China, Denmark, Djibouti, Egypt, Estonia, Germany, India, Iran, Iraq, Israel, Jordan, Republic of Korea, Kuwait, Lebanon, Morocco, Oman, the Palestinian Territories, Qatar, Russia, Saudi Arabia, Serbia, Somalia, Syria, United Arab Emirates, the United Kingdom, and United States.
A note to our readers: RSA is next week, and the CyberWire will be there. If you'll be at San Francisco's Moscone Center, too, stop by and say hello to the CyberWire team. We'll be at the Akamai booth, #3625 in the North Hall. We hope to see you there (and thanks to Akamai for their kind hospitality).
RSA can be hectic, but we’ll make putting together your schedule easy for you. If you want to know the latest trends and technology in cybersecurity and threat intelligence, look no further than LookingGlass Booth #100 in the South Hall. We offer solutions – not more work – for your toughest security challenges. Come meet with us on the Expo floor or at our meeting suite in the Marriott – enjoy the discussion, demos, and refreshments. Get your free pass here.