The US Department of Homeland Security thinks China’s APT10 has been quieter since two of its (alleged) operators were indicted late last year, reports FCW, but DHS is pretty confident APT10 hasn’t gone away, and will be heard from again.
Among APT10’s activities last year, according to Recorded Future and Rapid7, was a campaign against a Norwegian managed service provider. Microsoft Security disagrees, and thinks the threat actor in this case was APT31, also known as Zirconium.
Akamai reports a phishing campaign that uses Google Translate to obtain Facebook and Google credentials. The victim receives an email purporting to be a notification from Google that a device has logged into the victim’s account. The victim is invited to verify that the login is legitimate. When they follow the link provided, the malicious domain of a credential-harvesting page is loaded via Google Translate. The victim is then forwarded to a phony Facebook login page. Akamai says the fraud looks pretty good on a mobile device, but it’s much less convincing on a laptop or desktop.
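A mail-filter check for the lure described above, added here as an example and not taken from Akamai's report: it assumes the wrapped page travels in the `u` query parameter of a `translate.google.com` link. The function names, trusted-domain list and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

TRANSLATE_HOST = "translate.google.com"    # assumption: proxy host used by the lure
TRUSTED = ("google.com", "facebook.com")   # constructed allowlist of brand domains
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def unwrap_translate_link(url):
    """Return the page a Google Translate link wraps, or None if it is not one."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != TRANSLATE_HOST:
        return None
    targets = parse_qs(parts.query).get("u")   # parse_qs also percent-decodes
    if not targets:
        return None
    target = targets[0]
    return target if "://" in target else "http://" + target

def flag_wrapped_links(body, trusted=TRUSTED):
    """List (link, wrapped_host) for translate links that hide an untrusted host."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)")                # drop trailing sentence punctuation
        target = unwrap_translate_link(url)
        if target is None:
            continue
        host = (urlsplit(target).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted):
            findings.append((url, host))
    return findings

# Constructed sample message body; login-check.example is a placeholder domain.
SAMPLE_BODY = """Google Security Alert: a new device signed in to your account.
Verify this activity:
https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Flogin-check.example%2Fverify
Account settings: https://accounts.google.com/signin
Help: https://translate.google.com/translate?sl=auto&tl=en&u=https://www.facebook.com/help
"""

if __name__ == "__main__":
    for link, host in flag_wrapped_links(SAMPLE_BODY):
        print(f"suspicious: {host} wrapped by {link}")
```

The hostname a user sees in such a link is Google's, so the check has to judge the wrapped host rather than the visible one.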
Symantec has found a variant of the familiar tech support scam in the wild. It mimics a Norton system scan while it installs potentially unwanted programs.