Facebook has removed "hundreds" of disinformation accounts. Menlo Park's report on coordinated inauthenticity for April listed six countries where the Facebook and Instagram accounts formerly operated. Georgia leads, with almost a thousand suspect accounts taken down; they were for the most part associated with domestic political groups. Russia and Iran showed high levels of state-directed activity aimed at foreign targets. A number of takedowns in the US removed inauthentic accounts associated with QAnon conspiracy theorists. Accounts taken down in Mauritania and Myanmar focused on domestic audiences, and the Myanmar operations were associated with that country's police.
Taiwan's state-owned energy company CPC Corp., a major distributor of petroleum and liquefied natural gas, has sustained a ransomware attack, CyberScoop says. Investigators think it likely that the attack was state-sponsored, but have not specified which state. Authorities in Taiwan believe the attack was timed to coincide with President Tsai Ing-wen's inauguration, Taiwan Focus reports.
Microsoft is tracking a surge in Remcos attacks that it says are using COVID-19 lures to prospect organizations across many sectors.
Europol announced that Polish and Swiss police have taken down the credential-trading InfinityBlack gang. Five Polish hackers were arrested, and assets (including hardware and cryptocurrency wallets) worth €100,000 were seized. InfinityBlack operated on both its own site and other dark web souks, ZDNet reports, and the gang trafficked not only in credentials but also in attack tools sold to other criminals. The gang was well-organized and segmented; it seems unlikely the five arrested were its only members.