It’s difficult to distinguish spontaneous hacktivism from government-run cyberattacks, but two current campaigns look more like patriotic hacktivism than espionage. The Greek Reporter says that government websites in Eastern Macedonia and Thrace have been defaced with “Blue Homeland” messaging that evidently came from Turkish operators. And Zee News trumpets the activities of the “Indian Cyber Troops” who’ve “hoisted the Indian tricolor” on some eighty Pakistani websites.
Researchers at Cado say they’ve found a cryptomining worm, “TeamTNT,” that can also steal Amazon Web Services credentials. TeamTNT also scans for misconfigured Docker instances.
Carnival Corporation and Carnival PLC (the cruise line company whose subsidiaries include Princess Cruises, Carnival, the Holland America Line, Seabourn, P&O Cruises, Costa Cruises, AIDA Cruises, and Cunard) disclosed a “data incident” to the US Securities and Exchange Commission in an August 15th 8-K filing. Reuters reports that the incident was a ransomware attack that Carnival still has under investigation. Both passenger and employee data are believed to have been affected.
According to the Wall Street Journal, new US measures are making it harder for Huawei to get chips made with American technology. The Washington Post notes the difficulties in stopping an inherently complex trade.
North Korean government hackers, many of whom, according to a US Army assessment, operate from locations in other countries, may have a technique well adapted to extracting payment in ransomware attacks. NK News says the Lazarus Group, with its eye on insurance coverage, is pricing its ransom below the cost of backup and restoration.