The AP, citing Iranian state-operated media, says that Tehran has confirmed that it sustained cyberattacks Tuesday and Wednesday of this week. The disclosure was brief, acknowledged that the incidents were serious, and stated that they were under investigation.
Malwarebytes researchers report that the Iranian-linked cyberespionage group Silent Librarian has made its annual return to campus. The threat actor is active mostly against universities, where it seeks to collect sensitive research and intellectual property.
You needn’t be an actual APT to pose as one. Radware notes that criminal organizations posing as flashy, well-known state actors (Fancy Bear, the Armada Collective, the Lazarus Group, and so on) have been sending extortion letters to victims. The letters typically threaten distributed denial-of-service (DDoS) attacks if the senders go unpaid, but the threats are more scareware than malware. The demand letters have followed reports of high-profile attacks.
Bloomberg reports that African governments are actively using social media to spread what it characterizes as “disinformation” during the run-up to this year’s elections in order to “dominate the narrative around campaigns.” In these cases—Bloomberg cites Guinea and Ghana—the influence operations are domestic, not foreign.
Reports by the New York Post that allege discreditable “smoking gun” emails involving US-Ukrainian relations have been found on a computer used by Hunter Biden, son of former US vice president and present Democratic presidential candidate Joseph Biden, raise questions of influence operations (potentially foreign, arguably domestic). Ars Technica has a summary of the issues the case raises for social media content moderation.