US Cyber Command yesterday afternoon warned that a new implant ("SlothfulMedia," a remote access Trojan) has been detected in attacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine. Details are on Cyber Command's VirusTotal page. The US Cybersecurity and Infrastructure Security Agency (CISA), which cooperated with Cyber Command in developing the alert, describes SlothfulMedia as an information stealer. There's no public attribution beyond calling the attacker a "sophisticated cyber actor."
Election-themed spam represents itself as mobilizing adherents of the US Democratic Party, but it’s really just infecting their devices with Emotet, Proofpoint says. The campaign, whose motivation seems criminal and not political, surged yesterday.
ESET has identified a cyberespionage group, “XDSpy,” active against targets in Eastern Europe since 2011. Military, diplomatic, and corporate organizations in Belarus, Moldova, Russia, Serbia and Ukraine figure in the target list. That list is unusual, as is the variation in sophistication the group shows: its techniques range from highly sophisticated operations to low-grade commodity skid work. ESET hasn’t been able to discern any connections to other threat actors.
ESET this week also described a new strain of Android spyware cloaked as bogus messaging services. ESET calls the group responsible APT-C-23; others have called it Desert Scorpion or Two-Tailed Scorpion, and linked it to Hamas. The targets currently being prospected are for the most part in the Middle East.
The International Maritime Organization, a UN regulatory body, yesterday disclosed that it had been hit with a cyberattack that significantly disrupted its IT systems.