The Washington Post reports that US Cyber Command disrupted the networks of Russia's Internet Research Agency on the day of the US midterm elections and for a short period afterwards, to prevent Russian trolls from causing trouble. Security expert Thomas Rid believes that "such an operation would be more of a pinprick" than a long-term deterrent, but some defense officials said that "grand strategic deterrence" wasn't the objective here. One official told the Post that "part of our objective is to throw a little curveball, inject a little friction, sow confusion."
Ukrainian President Petro Poroshenko accused Russia of launching DDoS attacks against Ukraine's Central Election Commission on February 24th and 25th, CyberScoop reports.
ESTsecurity came across a spearphishing document last week that poses as an invitation from the "Korea-U.S. Friendship Society" to a meeting in Seoul regarding the Trump-Kim summit. The company says the malware delivered is associated with North Korean hackers. CrowdStrike's vice president of intelligence, Adam Meyers, told CyberScoop that the company has observed the same document lure being used by a suspected North Korean threat actor it calls "Velvet Chollima."
Trustwave discovered that the website for the Bangladeshi Embassy in Cairo was infected with a coinminer in October, and recently began distributing cryptomining malware to visitors via malicious Word documents. The site is still compromised, so steer clear. The researchers don't believe a nation-state is behind the activity, due to its lack of sophistication, but they say it serves as a reminder that even low-skilled attackers can compromise important government sites.