ISIS has claimed responsibility for the Easter massacres in Sri Lanka, the Wall Street Journal and others report. A statement published by the jihadist organization’s news agency Amaq says the bombings were retaliation for last month’s massacre of Muslims at a New Zealand mosque, and were intended to kill Christians. Sri Lankan authorities, who continue their social media crackdown during a declared state of emergency, continue to believe the attacks were the work of local jihadists acting with foreign support. CBS News says the death toll is now three hundred twenty one.
Researchers at Check Point describe a targeted spearphishing attack against “government finance authorities” and embassies in Europe. The hackers appear to be Russian, and they appear to be criminals (although that's a tougher call, given the growing penetration of the Russian mob by the Russian security organs). The campaign used malicious Excel files marked implausibly as if they were from the US State Department. The payload was a weaponized version of TeamViewer capable of taking screenshots of infected systems.
One of the gang members (nom-de-hack “EvaPiks”) was active on a hacking and carding forum, the Verge notes, talking about the attack and offering advice to others who might wish to do likewise.
A disgruntled bug hunter, nom-de-hack @0x55Taylor, has released documents taken from a server in Mexico's Guatemala embassy. He told TechCrunch he expected a reply, and when he doesn't get a reply, "then it's going public." The doxing included many identity documents, passports, visas, and so on.