Palo Alto Networks’ Unit 42 reports that the Vietnamese threat group OceanLotus (APT32) has deployed a new downloader, KerrDown. It is typically delivered either through a malicious macro in a Microsoft Office document or via a RAR archive that relies on DLL side-loading to execute the payload.
Recorded Future believes it has a line on the individual responsible for Collection #1: a cybercriminal known by the nom-de-hack “C0rpz.” The one who calls himself “Clorox” is a poseur; the one who goes by “Sanix” is a reseller. ZDNet points out that C0rpz, Clorox, and Sanix are probably at most aggregators, not hackers, and that, while the data dumps serve as a reminder of the importance of sound digital hygiene, they are not new, and not grounds for panic.
Huawei receives harsher scrutiny as a potential security risk in both Canada and the UK. In the UK, the Telegraph and the Times report recriminations over the Government’s alleged failure to take warnings of Huawei-enabled espionage seriously when it received them six years ago. It’s an open question whether the company’s early advantage in 5G technology that Bloomberg describes will enable it to ride out the international backlash over security.
If RT is any indication, Russia’s information campaign over Venezuela would seem to have begun. The outlet warns that US military intervention may be imminent and would be easy for the US to undertake, and says that interference in Venezuelan internal affairs would “grossly violate” international law.
KrebsOnSecurity reports that Europol will bring legal action against 250 users of the shuttered DDoS-for-hire Webstresser service.