Turla (also known as Venomous Bear) is back and, according to Accenture researchers, has hacked an unnamed European government. BleepingComputer reports the Russian group deployed "recently updated remote administration trojans (RATs) and remote procedure call (RPC)-based backdoors" in attacks between June and October of this year.
Microsoft has reported successful efforts by the Iranian threat group Redmond tracks as Phosphorus (also known as APT35 or Charming Kitten) to access accounts belonging to people attending the Munich Security Conference and the Think 20 (T20) summit in Saudi Arabia. The goal was collecting intelligence on foreign policy.
The US Cybersecurity and Infrastructure Security Agency (CISA), with the FBI and the Department of Health and Human Services, yesterday issued a warning that the Ryuk operators (sometimes known as Wizard Spider, a Russophone criminal gang) were conducting a very large campaign against US hospitals. Much of the ransomware deployment is being conducted from the revived Trickbot Trojan.
BleepingComputer says that the Maze gang, known for its pioneering combination of ransomware with threatened doxing as well as for its relatively sophisticated media relations, appears to be shutting down. "Wait for the press release," the hoods told BleepingComputer when the publication sought confirmation. (Maze operators aren't going straight, just shifting operations to the related Egregor ransomware.)
According to the Wall Street Journal, yesterday’s US Senate Commerce Committee hearings largely addressed Senatorial concerns about online platforms’ content moderation. Facebook, Google, and Twitter CEOs testified; TechCrunch says that Section 230 was hardly addressed, at least not directly.