Ukraine’s National Cyber Coordination Centre warns that Gamaredon Group (also known as Primitive Bear, a Russian threat group run by the GRU and presenting itself as a Ukrainian separatist organization) is newly active with phishing. The effort appears to be battlespace preparation for a campaign against Ukrainian infrastructure believed to be timed for Monday, August 24th, which is Ukraine’s Independence Day.
Ukraine’s SBU security service also claims that accounts of its involvement with Russian Wagner Group paramilitaries allegedly active in Belarus are Russian disinformation. Ukraine’s SZR foreign intelligence service yesterday said the Wagner Group is operating in Belarus under Russian control.
Officials in Taiwan yesterday accused China of an extensive cyberespionage campaign (spearphishing, for the most part) against at least ten of Taipei’s government agencies, CyberScoop reports. Reuters says Beijing calls the charges “malicious slander.”
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint Malware Analysis Report describing a North Korean remote access Trojan, “BLINDINGCAN,” which Hidden Cobra is deploying in an attempt to establish persistence in networks of interest to Pyongyang. The campaign represents another use of bogus job offers targeting workers in the defense sector.
Palantir has quietly decamped from its Palo Alto headquarters, forsaking Silicon Valley for real estate more to its liking in Denver, as both the Denver and Silicon Valley Business Journals report. CNBC notes CEO Karp’s view that Silicon Valley’s “increasing intolerance and monoculture” and high cost of living have made it a less desirable place from which to do business.