The attack Australian logistics company Toll Group sustained Sunday is ransomware, IT News reports, specifically the Mailto strain. The Australian Signals Directorate says it’s unclear whether the Mailto attacks are part of a larger campaign.
SentinelLabs reports on renewed activity against Ukrainian targets by the Gamaredon Group, a state-sponsored APT that Ukrainian security services associate with Russia’s FSB. (The FSB is generally regarded as Cozy Bear’s proprietor.) SentinelLabs sees the activity as a bellwether for future hybrid war: when kinetic fighting slows or freezes due to strategic, operational, or diplomatic pressures, expect an intensification of activity in cyberspace.
Security firm Certfa Lab is calling out Charming Kitten, the well-known Iranian APT, as the group responsible for a recent phishing campaign that spoofed a Wall Street Journal writer’s email to prospect targets for further compromise.
Cybereason found a malware campaign using Bitbucket repositories as its launching point. Atlassian's Bitbucket Support took down the affected repositories within hours of Cybereason's warning.
Iowa Democrats continue to count caucus results, with 97% of the precincts accounted for this morning. The problems at the caucus are attributed not to hacking, but to Shadow’s IowaReporterApp, which proved difficult to use and unable to transmit results correctly to state party headquarters. The emerging consensus is that IowaReporterApp was hastily put together and inadequately tested. ProPublica obtained a copy of the app and sent it to Veracode for a security assessment. Veracode found that “vote totals, passwords and other sensitive information could have been intercepted or even changed.”