Ahead of its presidential and legislative elections in January, Taiwan is cracking down on disinformation spread by China, NPR reports.
The Register has an account of cybersecurity expert Jake Williams's presentation at Black Hat Europe, in which Williams described the various ways threat actors can use false flags to achieve misattribution. The most obvious measure is using infrastructure located in another country to carry out attacks. Attackers can also easily change their browser settings to reflect those used by someone who speaks a different language. Williams also cited Kaspersky's research into the OlympicDestroyer malware, which used a fake Rich header to falsely point attribution toward North Korea's Lazarus Group. Attackers have also been known to plant false PowerShell logs to mislead investigators. This is just a small sampling of methods that can be used to falsify digital evidence, and any combination of them can be used to sow uncertainty.
Anomali describes an ongoing attack campaign by the Russian APT Gamaredon (also known as Primitive Bear) targeting Ukrainians. Based on the content of the phishing documents, Anomali has discerned that the campaign is focusing on diplomats, government officials and employees, journalists, law enforcement, military officials and personnel, non-governmental organizations, and the Ministry of Foreign Affairs of Ukraine.