Two Russian APT groups are targeting European NATO member states with ongoing cyberespionage campaigns ahead of the EU parliamentary elections in May, CNBC reports. Researchers at FireEye observed both large-scale and highly targeted phishing operations launched by Sandworm and APT28 against European government institutions, with the goal of stealing credentials. The two groups use different tools and techniques, but their efforts seem to be coordinated. They’re believed to have three primary objectives: stealing information and credentials for use in future attacks, gathering intelligence to give Russia a diplomatic advantage, and collecting information to assist in disinformation operations.
The FIN7 cybercrime group is still active, despite the arrests of several of its members last year. Flashpoint says the group is using two new strains of malware, which researchers have dubbed "SQLRat" and "DNSbot." The criminals are also using a new attack panel called "Astra," which acts as a script-management system for compromised computers.
A Lithuanian man pleaded guilty yesterday to scamming Facebook and Google out of $123 million over the course of three years, according to ZDNet. The man registered a company in Latvia that shared a name with a legitimate computer hardware manufacturer. He then used a variety of fraudulent invoices and contracts to trick Facebook and Google employees into wiring him millions of dollars at a time. Facebook is said to have lost $100 million from the scams, while Google lost $23 million.
Semmle discovered a now-patched critical denial-of-service vulnerability in Fizz, Facebook’s open-source implementation of the TLS 1.3 protocol.