Proofpoint has identified spearphishing emails that hit at least three US companies in the utilities sector in mid-to-late July. The email domain was designed to be mistaken for one belonging to the US National Council of Examiners for Engineering and Surveying. An attached Microsoft Word document contained malicious macros that carried a malware package Proofpoint calls "LookBack." LookBack is a remote access Trojan accompanied by a command-and-control proxy mechanism. The researchers believe there's enough evidence to indicate that a nation-state was responsible, but not enough for further attribution, although there are some similarities to the Chinese group APT10.
The PCI Security Standards Council (PCI SSC) and the Retail and Hospitality ISAC warn of the rapidly developing threat of online paycard skimming. (The threat is best known as "Magecart.") The most common infection vector for the JavaScript sniffers that do the stealing has been third-party applications widely used by merchants. These typically include advertising scripts, live chat functions, and customer rating features.
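As an added illustration of the third-party-script exposure described above (this is not code from Proofpoint, the PCI SSC or RH-ISAC), the snippet below audits a page's HTML for externally hosted scripts that lack a Subresource Integrity hash; the HTML and the merchant origin are constructed sample values.

```javascript
// Constructed sample page: one first-party script, three third-party
// scripts (ad tag, chat loader, ratings widget), only the chat loader pinned.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-ads.com/tag.js"></script>
<script src="https://chat.example-widget.com/loader.js"
        integrity="sha384-AbCdEf0123456789" crossorigin="anonymous"></script>
<script src="https://ratings.example-reviews.com/widget.js" async></script>
</head><body></body></html>`;

// Constructed merchant origin (hypothetical).
const FIRST_PARTY_ORIGIN = "https://shop.example.com";

// Return every third-party <script src> with a flag for whether it carries
// a valid-looking integrity attribute (sha256/384/512).
function auditThirdPartyScripts(html, firstPartyOrigin) {
  const findings = [];
  const firstParty = new URL(firstPartyOrigin).origin;
  const scriptTag = /<script\b([^>]*)>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue;                      // inline script: not an SRI case
    const url = new URL(src[1], firstPartyOrigin);
    if (url.origin === firstParty) continue; // same origin: out of scope here
    const sri = /\bintegrity\s*=\s*["']sha(256|384|512)-[^"']+["']/i.test(attrs);
    findings.push({ src: url.href, origin: url.origin, sri });
  }
  return findings;
}

// Convenience view: just the URLs a skimmer could be injected into unnoticed.
function unpinnedScripts(html, firstPartyOrigin) {
  return auditThirdPartyScripts(html, firstPartyOrigin)
    .filter((f) => !f.sri)
    .map((f) => f.src);
}

console.log(unpinnedScripts(SAMPLE_HTML, FIRST_PARTY_ORIGIN));
```

SRI only protects scripts whose content is fixed; tag managers and chat widgets that fetch further code at runtime need a Content-Security-Policy `script-src` allowlist and change monitoring on top of this check.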
RiskIQ took a look at the recent phishing campaign targeting Bellingcat, and they've concluded that it was indeed closely focused on a small number of investigative journalists who've proven to be annoying gadflies to the Russian government. The campaign made adroit use of ProtonMail infrastructure, which lent it more plausibility than the phishing attempts might otherwise have enjoyed.
Russia isn't the only government Bellingcat scrutinizes, the Daily Beast notes. The investigative site's reports led Facebook to take down 350 pages and accounts for "coordinated inauthenticity" organized by the Kingdom of Saudi Arabia.