Vietnam has denied involvement in cyber espionage against Chinese organizations involved in controlling the COVID-19 virus. Reuters says Hanoi today dismissed the accusations as "baseless." FireEye yesterday published a report describing their conclusion that APT32, a threat actor associated with the Vietnamese government, was engaged in "intrusion campaigns" designed to collect intelligence from Chinese targets concerning the pandemic. The researchers say they found spearphishing messages sent to China's Ministry of Emergency Management and the government of Wuhan province, where the pandemic is generally regarded as having begun.
Check Point has identified a gang they call the "Florentine Banker" that's involved in sophisticated theft from selected banks, mostly investment houses. The campaign is patient, does careful reconnaissance, begins with spearphishing, and ends with wire fraud.
Researchers at the digital forensics shop ZecOps reported yesterday that they'd discovered two iOS zero-days that were undergoing active exploitation in the wild. Vice says the researchers think it likely that those doing the exploitation are working on behalf of a nation-state, and that the exploits may have been purchased from an exploit broker: "It's someone who's spending budgets on buying exploits but they don't really have the technical capabilities to change those exploits for better OPSEC." Apple declined to comment to Reuters on ZecOps's research, but did say that the vulnerabilities would be closed in the next release of iOS.
ESET has taken down and sinkholed the command-and-control servers for the VictoryGate cryptomining botnet. Some thirty-five thousand machines are thought to have been infected, ZDNet reports.