Kaspersky has released a report on the continuing activities of Transparent Tribe (also known as ProjectM and Mythic Leopard), a cyberespionage group actively deploying the Crimson RAT against its targets. Attribution of Transparent Tribe, which has been active since at least 2013, remains murky, but Palo Alto Networks and others have seen signs of an association with Pakistan. Crimson RAT has been upgraded for the current campaign, with server-side management of infected machines and a USBWorm that steals files from removable drives.
The Director of the National Counterintelligence and Security Center at the Office of the Director of National Intelligence has added a few governments to the list of those who appear interested in influencing US elections, CyberScoop reports. He said Cuba, North Korea, and Saudi Arabia “want to be able to provide their optics for discord in the United States.”
After a ransomware attack that hit its College of Social and Behavioral Sciences on July 19th, the University of Utah paid its extortionists, BleepingComputer reports. The University said in its disclosure that the decision to pay was reached in close consultation with its insurance carrier, and that the amount it turned over to the attackers was $457,059.24. ZDNet says the University restored systems and data from backups, but also decided to pay the ransom to prevent the criminals from releasing the personal data they'd stolen in the course of the attack.
US federal prosecutors have filed charges against Uber's former CSO, alleging he covered up a 2016 data breach.