Researchers at Anomali describe a phishing campaign apparently intended to harvest credentials from some twenty-two government agencies and government contractors in several countries around the world. US targets have received the most attention, but Australia, China, Japan, Mexico, Peru, Poland, and Sweden were also prospected. No one, ZDNet says, has any idea who's behind the operation or what their ultimate objective might be. The US targets include the Departments of Commerce, Energy, and Veterans Affairs.
Forbes reports that Group-IB is investigating compromises of Telegram accounts belonging to a number of Russian entrepreneurs. Attribution in this case is also mysterious, but Group-IB doesn't think the incidents involve any flaw in the messaging app. The researchers do note that Telegram credentials are being widely traded on the dark web.
In the course of its investigation of exploits leaked by the ShadowBrokers, Zscaler has found a botnet it's calling "BuleHero" that excels at lateral movement within its targets.
TechDirt reports that Representative Ro Khanna (Democrat of California, representing Silicon Valley) sent a pro-encryption letter to Senator Graham (Republican of South Carolina, who's running the Judiciary Committee's hearing on encryption). Representative Khanna also attached a letter from Pentagon CIO Dana Deasy that stressed the importance and value of strong, end-to-end encryption.
In the US, NSA's inspector general has found deficiencies in the agency's data retention procedures: some signals intelligence data have been retained beyond limits established by law and policy. The agency accepted the findings and is working to bring its procedures into compliance.