Recorded Future has updated its reporting on a Russian threat group's hijacking of Iranian cyberattack tools and infrastructure. Three Iranian groups have had their operational kit co-opted by a threat actor Recorded Future's Insikt Group tracks as BlueAlpha: APT33 (also known as Elfin) and APT35 (Charming Kitten), both directed by the Iranian Revolutionary Guard Corps, and MUDDYWATER, whose organizational position is less clear. The researchers conclude that BlueAlpha is run by Russia's FSB. Why Iran? Iran's attack infrastructure is already in place and readily accessible, and borrowing it lends itself to false flag operations: activity launched from Iranian infrastructure is likely to be attributed to Iran.
Ars Technica says the malware that hit Pensacola was a variant of Maze ransomware.
The Media Trust describes a holiday malvertising campaign they're calling "Krampus-3PC" after the malign anti-Saint Nicholas of Central European folklore who visits households not with gifts, but with punishment for misbehaving children. Krampus uses a redundant redirection mechanism, falling back to a second redirect if the first is blocked, to more reliably deliver victims to pages that collect personal information. It targets iPhone users, whether they've been naughty or nice.
TrickBot, even after having been hired out to Pyongyang's hacker masters, has continued its phishy ways. IBM warns that payroll-themed spam is spreading the malware.
China’s progress toward Internet sovereignty continues. Computing reports that Tianjin Kylin Information and China Standard Software have formed a joint venture to produce a domestic operating system.
Looking at yesterday's hearings before the Judiciary Committee, Forbes sees the US Senate’s sympathies shifting toward the Justice Department’s restrictive position on encryption. Justice may have found its persuasive heavy artillery in child protection, long among the biggest guns in advocacy's rhetorical battery.