Proofpoint has released a report concluding that APT10, associated with China’s government, was responsible for a series of phishing attacks conducted against “at least seventeen entities in the US utilities sector” between April 5th an August 29th of this year. The malware used, called “LookBack,” was embedded in malicious Microsoft Word files attached to the emails. LookBack was discovered in July. The activity appears to involve reconnaissance and battlespace preparation.
The European Union's Court of Justice has found that Google is not liable for enforcing the EU’s right to be forgotten worldwide. The Wall Street Journal thinks other decisions expected soon will introduce more uncertainty into transatlantic data transfers.
As the United Nations General Assembly’s annual summit meets, some twenty-seven countries (including all the Five Eyes) have issued a brief “Joint Statement on Advancing Responsible State Behavior in Cyberspace.” It calls for bringing cyberspace into the framework of international law (particularly by applying the principles of proportionality and discrimination that inform the law of armed conflict). CNN and others see it as directed implicitly against Russia and China: the Statement condemns attempts to "undermine democracies" and "undercut fair competition."
Edward Snowden’s new book, “Permanent Record,” is being used as phishbait, Bloomberg reports. Criminals unconnected with Mr. Snowden are emailing a pdf that purports to be the book, and asks the recipients to open and share the pdf. The email says the book has been “banned,” which isn’t true in any case, so refuse the chain letter: the pdf holds malware.