The cyberattack Norway's Stortinget (parliament) sustained last week has been followed by a second series of attacks directed against public employees in the Hedmark region. The attacks on the Stortinget involved unauthorized access to email accounts of members and employees, according to the New York Times. The campaign was well-distributed across party lines, with members of Labour, the Conservatives and the Center Party affected. Norway's PST police intelligence agency is investigating. So far the origin and motive of the attacks on parliamentary email are unknown, but a hostile intelligence operation hasn't been ruled out. The Hedmark attacks on the other hand are being attributed to "foreign swindlers," News in English reports.
Cybereason researchers find that the Evilnum gang, which has been active mostly against financial sector targets in the UK and the EU, has deployed a new remote access Trojan, "PyVil RAT." The group's spearphishing campaigns abuse Know Your Customer (KYC) policies and use malicious KYC documents as phishbait. Cybereason says that Evilnum steals "passwords, documents, browser cookies, [and] email credentials."
While scrutiny of TikTok has concentrated on the platform's potential national security threat, Tenable finds that TikTok's loose moderation practices may have made it an actual haven for criminal activity. Tenable researchers say that TikTok's popular #ForYou page is infested with "fake mobile applications, diet pills, drop-shipped goods, fake gift cards" and other scams.
Researchers at RiskIQ say they've found Magecart's Inter Skimmer active in more than 1500 sites. The Inter Skimmer kit is now a popular criminal-to-criminal product.