According to the Guardian, New Zealand’s NZX stock exchange continues to suffer disruption from distributed denial-of-service attacks originating "offshore." Halted trading in cash markets has disrupted the exchange's debt, Fonterra shareholders, and derivatives markets. The Associated Press reports that the Government Communications Security Bureau has been brought in to help with the investigation.
Digital Shadows thinks it sees unmistakable signs that proprietors of Empire, “the largest and most trusted English-language cybercriminal marketplace,” have shut down and absconded with their clients’ money.
Egor Igorevich Kriuchkov, the Russian national arrested by the FBI and charged Monday with conspiracy to damage a computer at an unnamed US company, allegedly offered an employee of the company $1 million to help install custom malware in the company’s servers. Teslarati reports that the intended victim was Tesla, and that the employee Mr. Kriuchkov approached declined the offer and worked with the FBI to make their case. Other conspirators are presumably in Russia, where they’re safe from extradition to the US.
Check Point says that QBot has resumed malspamming this month. The banking Trojan, which has been in use for more than ten years, has acquired some new functionality: an “email collector module” that extracts the victim’s email threads from the Outlook client and uploads them to a remote server. Proofpoint reports that Emotet has also returned, and that TA542 is using it to install QBot.
The Wall Street Journal reports that US authorities are moving toward civil forfeiture of cryptocurrency stolen by North Korean government hackers.