ClearSky outlines the “Fox Kitten” campaign, which it calls an Iranian operation directed primarily against the US and Israel. Fox Kitten has been active, ClearSky says, for three years, and it’s proceeded largely by exploiting VPNs and RDP. The company concludes (with “medium confidence”) that the campaign represents a collaborative effort among three APTs: APT33 (Elfin), APT34 (OilRig), and APT39 (Chafer). The sectors of interest to Fox Kitten appear to be IT, utilities, defense and aviation, and petroleum.
Trend Micro warns that LokiBot is distributing malware disguised as an installer from the Epic Games store. Epic Games publishes Fortnite and other popular diversions.
Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.”
KrebsOnSecurity reports a new extortion scam. This one targets website owners who display banner ads through Google’s AdSense program. The extortionists threaten to flood the ads with enough bot traffic to cause Google’s automated tools to suspend the victim’s account. Google suggests that this won’t really work, so the extortion threat is largely empty.
In what Nikkei reads as a warning against attempting to meddle with the Tokyo Olympics, Japan’s government has attributed the SoftBank breach to Russia’s GRU.
As the US continues to warn allies against using Huawei equipment (see representative coverage in C4ISRNET and CNN), China’s Foreign Ministry replies by complaining that Washington, not Beijing, is the problem: no one spies like the Americans.