Twitter suspends two North Korean catphishing accounts.
Twitter last week suspended two accounts that North Korean operators established for the apparent purpose of catphishing security researchers. The Record reports that the two accounts are part of an espionage campaign that began last year. A member of Google's Threat Analysis Group says the two accounts are part of a cluster, some of whose members were taken down in August. While the accounts were active for several months, neither had more than a thousand followers.
Ransomware at the Sinclair Broadcast Group and Olympus attributed to Evil Corp.
The Sinclair Broadcast Group, which operates one-hundred-eighty-five television stations with six-hundred-twenty channels in eighty-six US media markets, has disclosed that it determined last Sunday that it had been subjected to a ransomware attack. The media company detected what it regarded as "a potential security incident" on Saturday, and is now in the process of recovery. The Hollywood Reporter says that some service disruptions continued into the early part of the week. NY1 reports that the attack involved, as is now routine in such criminal operations.
To recap, Sinclair discovered a possible incident Saturday, identified it as a cyberattack Sunday, and issued a public statement Monday, which the Wall Street Journal calls quick disclosure. Attempts to isolate and contain the attack began almost immediately upon detection.
Bloomberg reported Thursday that the Sinclair Broadcast Group was hit by the Russian cybercriminal organization usually known as Evil Corp. The attackers are said to have used the Macaw strain of WastedLocker ransomware (Emsisoft calls Macaw simply a rebranded version of WastedLocker). Evil Corp has been under US sanctions since December of 2019, which would complicate any attempt to buy back access to infected systems by paying the ransom. One purpose of adopting rebranded malware strains may be to obscure the fact that payment of ransom to the sanctioned entity amounts to a violation of US law. The gang's two alleged leaders, Maksim Yakubets and Igor Turashev, were also indicted by the US at the time sanctions were imposed. Sinclair's recovery from the attack remains a work in progress: according to the Daily Beast, disruptions to business and production systems have continued into the week.
Macaw ransomware (and thus its proprietor, Evil Corp) is also said, by TechCrunch, to be responsible for ongoing attacks against Olympus.