Recorded Future reports a PupyRAT infestation in an unnamed European energy sector organization. PupyRAT's command-and-control was communicating with the infected organization’s mail server from late November through January 5th of this year. The RAT is an open-source tool available on GitHub. It’s been used by Iranian threat groups APT33 (also known as Elfin, Magic Hound, or HOLMIUM) and COBALT GYPSY (which Recorded Future says overlaps with APT34, that is, OilRig). The researchers stress that the current activity predates recent escalation of US-Iranian tension
Reuters writes that the Saudi Foreign Ministry has again dismissed claims of Crown Prince Mohammed bin Salman’s involvement in hacking Amazon founder Jeff Bezos’s phone as “absurd.” Investigations are in progress, and it certainly seems that something was done to Mr. Bezos’s device. Is it possible the Crown Prince may himself have been hacked, as some have suggested? Well, sure, maybe. In any case, as BuzzFeed notes, Saudi-aligned Twitter accounts have been doing a lot of anti-Bezos woofing.
Ukraine is considering a comprehensive law designed to suppress disinformation. RadioFreeEurope|RadioLiberty says that critics are concerned the measure will also effectively suppress journalism.
The EU is also deliberating adoption of measures that would counter disinformation. Facebook doesn’t like them, New Europe says, and characterizes the proposed regulations as a threat to free speech.
Canada’s government is prepared to “impose costs” on those responsible for cyberattacks on the Dominion, according to 660 News.
The Economist looks at Huawei, concludes it’s a threat, but says the risks can be managed.