Zerologon exploitation is no longer a merely theoretical possibility: Microsoft has seen the Windows Server vulnerability being actively attacked in the wild. ZDNet reminds all that Samba file-sharing software is also susceptible to this bug, and must be updated as well. Computing has an update on the patches available for Zerologon.
Reuters reports that Philippine police and military organizations have denied any involvement in the coordinated inauthentic network Facebook took down earlier this week. Facebook had identified the activity as originating in the Philippines, and as showing some signs of connection to the government.
SecurityWeek describes QuoINT’s research into a new Zebrocy cyberespionage campaign directed against NATO. Zebrocy is by consensus held to be a Russian operation. While its exact organizational niche isn’t entirely clear, most observers think it is associated with Moscow’s GRU, that is, Fancy Bear.
Group-IB says a new ransomware group they’re calling “OldGremlin” is currently active against Russian banks and corporations. OldGremlin is phishing with emails that represent themselves as coming from RBC (RosBiznesConsulting), a large Russian media holding company. As BleepingComputer summarizes, the gang is using TinyPosh and TinyNode backdoors, TinyCrypt ransomware, and various third-party tools for reconnaissance and lateral movement. So far OldGremlin has been active in Russia only, but there are signs it may be working toward much wider attacks elsewhere.
The US Treasury Department yesterday sanctioned more Russian individuals and organizations for their involvement in malign influence operations, TheHill reports. Most of them are tied to the previously sanctioned Yevgeniy Prigozhin, “Putin’s chef.”