Microsoft successfully petitioned a US Federal court for permission to seize control of fifty domains the North Korean threat actor "Thallium" was using to mount spearphishing attacks against Windows users. The targets were for the most part located in the US, Japan, and South Korea, and Redmond says they tended to be "government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues." The hacking was thus not the now-familiar economically motivated espionage one has come to expect from Pyongyang, but rather a politically focused campaign. Thallium is also known as APT37, a group that FireEye calls "Reaper, the overlooked North Korean actor." Forbes has a useful summary of the campaign and its implications.
Reuters reports that Brazil's Ministry of Justice fined Facebook $1.6 million for improperly sharing user data with the makers of an app, Thisisyourdigitallife.
Wawa, the eastern US convenience store chain that disclosed a major data breach on December 19th, shortly before the Christmas holiday, has already seen several lawsuits filed against it. The Philadelphia Inquirer reports that at least six suits have been filed against the company in a Philadelphia Federal court. The class-action suits allege negligence on Wawa's part in failing to secure customer data, including paycard information.
In the UK, the National Crime Agency said that Kerem Albayrak, of North London, has received a two-year suspended sentence in connection with an attempt to blackmail Apple with a threat to delete iTunes accounts he claimed to have secured access to. Mr. Albayrak wanted Cupertino to give him either $75,000 in cryptocurrency or a thousand $100 iTunes gift cards. If Apple refused to pay, the 319 million iTunes accounts would get it. Naked Security, which observes that Mr. Albayrak used "Turkish Crime Family" as his nom de hack, suggests that he was motivated as much by the lure of fame as by greed for money. They also speculate that he was engaging in a kind of primitive credential stuffing using lists of compromised credentials.