Politico reports that the US Defense Counterintelligence and Security Agency this week warned contractors in a bulletin that it had detected renewed activity by the Chinese government's Electric Panda group. The memorandum obtained by Politico said that "nearly 600 'inbound and outbound connections' from 'highly likely Electric Panda cyber threat actors' targeting 38 cleared contractor facilities, including those specializing in health care technology," had been detected since the beginning of February. Electric Panda has been active since at least 2016, and its interest in healthcare technology seems to represent a shift driven by the current pandemic. A similar shift in interest has been observed in Electric Panda's sister threat group, Pirate Panda, but in that case it's a shift in phishbait, not in target.
CISA warns that the Pulse Secure virtual private network remains vulnerable to certain forms of exploitation even after its most recent patch has been applied. The vulnerability the patch addressed, CVE-2019-11510, is an arbitrary file read issue. CISA includes in its advisory a tool to detect indicators of compromise and suggestions for mitigating the risk of exploitation. The problem, ZDNet explains, is that attackers were able to exploit the vulnerability to extract Active Directory credentials, and they have since used those credentials to get into organizations' internal networks even after patches have been applied.
Switzerland-based Mediterranean Shipping Company confirmed that the incident it sustained over Easter was in fact a cyberattack, Seatrade Maritime News says. The shipping line says no data were lost, but few other details were disclosed.