Tortoiseshell goes after IT providers.
Symantec describes a previously undocumented threat actor that is targeting the IT supply chain. The group, which Symantec has dubbed "Tortoiseshell," has attacked at least eleven organizations and achieved domain admin-level access in at least two of them. Most of the targets were based in Saudi Arabia. An interesting aspect of the attacks is that in two of the targeted organizations the attackers infected "several hundred" computers, which the researchers note is "an unusually large number of computers to be compromised in a targeted attack." The group uses a custom backdoor alongside several publicly available tools. In one case the researchers observed Tortoiseshell using a variant of a backdoor associated with OilRig (APT34), but they note that OilRig's tools were leaked on Telegram in April, so the overlap has little bearing on attribution.
Russian operators compromised FBI networks.
Yahoo reports that Russian intelligence services successfully compromised FBI and possibly other Intelligence Community communications from 2010 until 2016. US counterintelligence authorities became aware of the compromise, which involved among other things the ability to break encrypted cell phone communications among FBI counterintelligence teams, sometime in 2012. Internal disputes within the Obama Administration's national security apparatus, which experts who witnessed the deliberations characterized to Yahoo as a "reset hangover," delayed a comprehensive response until December 2016, after that year's US Presidential election. That response took the form of the expulsion of more than thirty Russian diplomats declared persona non grata for their involvement in the espionage campaign. It also involved US seizure of two comfortable vacation homes (both conveniently close to the ocean) used by the Russian delegation, one on Long Island, New York, and the other on Maryland's Eastern Shore. The FBI began moving to alternative communications systems after suspecting something was up in 2012. Observers describe that move as "expensive."