We recently launched Recorded Future Express — a free browser extension for security teams. Use Express over any web-based SIEM, vulnerability management solution, security blog, and more to put real-time security intelligence at your fingertips. Instantly prioritize alerts, incidents, and vulnerabilities based on real-time risk scores from the world’s largest commercial collection platform. Sign up now.
For more, see our daily update on COVID-19 and the cybersecurity community.
Naikon, a threat group now being associated with the Chinese government ("appears to be Chinese speaking," in Kaspersky's cautious formulation) has resurfaced to affect targets in the Asia-Pacific region. The group had been detected in 2015 by ThreatConnect and DGI, who attributed it specifically to the People’s Liberation Army Chengdu Military Region's Second Technical Reconnaissance Bureau Military Unit Cover Designator 78020. The Kunming-based unit has responsibility for developing intelligence about Southeast Asia, with special emphasis on nations that claim territorial waters in the South China Sea.
Naikon had gone largely undetected since its initial discovery, but Check Point researchers now report having observed it in a major campaign, distributing a novel and hitherto unknown payload, "Aria-body," which combines remote code execution, data destruction, and data exfiltration capabilities.
Much of the initial attention Naikon drew during its present campaign came through the discovery of a phishing attempt against accounts belonging to the West Australian government. News7 reports that the state's premier says he was "blindsided" when shown a news report of the hack, but adds that it's now under investigation.
The University of Toronto's Citizen Lab is warning of another ongoing Chinese campaign, this one involving Tencent's use of its popular WeChat app to monitor social media content exchanged within the Chinese diaspora. Content moderation, essentially suppression of politically sensitive topics, has long been practiced on WeChat. What's new is the extension of surveillance to users outside of China proper. Citizen Lab thinks the effort is designed to train censorship algorithms.
Today's issue includes events affecting Australia, Brunei, Cambodia, Canada, China, European Union, Indonesia, Laos, Malaysia, Myanmar, Nepal, Philippines, Russia, Thailand, Turkey, United Kingdom, United States, and Vietnam.
Looking for a job? You're not alone.
"While most companies now are hiring virtually, a lot of them are also doing virtual career fairs and virtual hiring events. So it's 2020. We have the technology. And now companies are really utilizing that. So there's really no reason to not be able to make those connections. People are doing Zoom happy hours and Zoom get-togethers. And there are so many different groups that are starting up that are doing these different sort of virtual events. I would say to candidates to take advantage of all of those, especially if you have lost your job and you do have the time, take a look on LinkedIn and just join any webinars. Join any little happy hour events. And start connecting and expanding your network."
—Laura Deimling from Down to Staff, on the CyberWire's Daily Podcast, 5.6.20.
"So many people are losing their jobs, and there's going to be a lot more people looking for jobs than there have been in the past few years. You know, unemployment has been really low. It is not like that anymore. So I would say being quick to respond could mean getting a job or missing out because another candidate got it. So I think now more than ever - the candidates have been in the driver's seat for many years now, and we're getting ready to see a switch again of where the companies have a little bit more control in the hiring process. So I would say, you know, make sure you are very responsive to any calls and emails because if you're not, somebody else is going to."
—And Courtney Wandeloski, also from Down to Staff, also on the CyberWire's Daily Podcast, 5.6.20.
Keep plugging. And having the right software is now more important than dressing for success.
If you're interested in space and communications (technology, policy, business, and operations), take a look at the latest issue of Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
Looking to advance your cybersecurity career? Then the Georgetown University Master's in Cybersecurity Risk Management is for you. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Accenture, as Malek Ben Salem talks us through their Technology Vision report. Our guest is Thomas Rid from the Johns Hopkins University's School of Advanced International Studies, discussing his book Active Measures.
In this week's episode of CSO Perspectives, "Dark web and TOR: What kind of intelligence can you find there?" the CyberWire's CSO Rick Howard discusses counterintelligence operations by commercial vendors on the dark web, and the kinds of intelligence that can be found there.
