The BBC reports that Tehran says it knows what caused the fire at Natanz, but that Tehran isn’t saying. It looks, however, more like physical sabotage than either an accident or the “kinetic cyberattack” that was the subject of weekend speculation. And whoever’s speaking for the self-described Iranian dissident group, the “Homeland Cheetahs,” had advance knowledge of the incident, but the putative group materialized from nowhere and increasingly looks like a false flag.
The Washington Post quotes a “Middle Eastern security official” (speaking on condition that both his identity and nationality be concealed) to the effect that a bomb placed inside the facility caused the damage. The operation, that source says, was an Israeli effort to “send a message” that would deter Iran from accelerating its pursuit of nuclear weapons.
An investigation by the Daily Beast has exposed a false journalistic persona, one “Raphael Badani,” represented as an international affairs expert whose bylines have appeared widely. The Badani persona figured in a network of at least nineteen other policy catphish whose general line was to praise the United Arab Emirates and advocate a harder line toward Qatar, Turkey, and Iran, and toward those nations’ proxies in the Levant. Twitter yesterday took down a number of accounts associated with the coordinated inauthenticity.
Agari describes Cosmic Lynx, a Russian gang responsible for two-hundred business email compromise attacks in forty-six countries over the past year.
Proofpoint reports that the Purple Fox exploit kit has gained capabilities exploiting two known (and patched) Microsoft vulnerabilities.