Facebook yesterday identified and took down three more networks for coordinated inauthentic behavior. All three networks originated in Russia. Facebook says that they targeted a wide range of countries, and that they shared an overarching operational style. They focused, first, on creating fictitious or seemingly independent media entities and personas to engage unwitting individuals to amplify their content and [second] on driving people to other websites that these operations control.” Thus their activities were marked by information-laundering, an increasingly common tactic in influence operations.
Graphika, which assisted Facebook with investigation and assessment, notes that the offending network “clusters” operated across multiple platforms. Despite the operators’ efforts, none of the clusters succeeded in going viral.
Some, but not all, and not even the majority, of the inauthentic activity, was directed against US elections. According to Reuters, Russian President Putin today said that the US and Russia should agree not to meddle in one another’s elections. He called for a comprehensive treaty that would amount to a cyber non-aggression pact.
The US Cybersecurity and Infrastructure Security Agency (CISA) reports that an unnamed US Federal organization was successfully hacked. The attackers used stolen credentials to gain access, then were able to browse the network, obtain, and (probably) exfiltrate files it selected. How the attackers got the credentials is unknown, but CISA’s educated guess is that they were obtained via an unpatched Pulse Secure VPN vulnerability—CVE-2019-11510.
Governments are increasingly concerned about rising rates of cyberattacks against healthcare organizations, the Wall Street Journal reports.