ESET describes a North Korean campaign of targeted attacks against European defense and aerospace companies. They call it "Operation In(ter)ception," and it has two purposes: first, espionage; second, financially motivated business email compromise. Pyongyang's operators start with LinkedIn, proffering meretricious job offers to workers at selected companies. They seek to develop sources of information; they sometimes compromise email accounts to induce companies to fall for fraudulent fund transfer requests.
Border skirmishes with China have moved India's government to higher states of alert, both kinetic and cyber, the Economic Times reports. The Hindustan Times outlines one aspect of that alert: publication of the National Security Council Secretariat's list of fifty-two apps it finds too close to the Chinese government for comfort. Zoom and TikTok are on the list.
Graphika has published a new study of Secondary Infektion, the Russian disinformation operation the Atlantic Council described and named last June. The report concludes that Secondary Infektion has operated continuously since 2014, and that it's run by a single unidentified controlling agency. Graphika gives the operation high marks for opsec but low grades for linguistic plausibility.
Al Qaeda is back, Homeland Security Today reports, in the form of its English-language One Ummah magazine, seeking to inspire "e-jihad," the proverbial cyber 9/11. Al Qaeda's treatment of the matter seems aspirational.
JSOF reports the discovery of nineteen zero-days, collectively called "Ripple20," that afflict the Internet-of-things software supply chain. They're flaws in software that handles the TCP/IP protocol, and they've been out since the late 1990s.