At a glance.
- Royal Army accounts hijacked.
- A hacktivist group claims to have hit Iranian sites.
- Very large database of PII for sale on the dark web.
- Rogue employee makes off with bug reports.
- Threats and vulnerabilities surrounding cryptocurrency wallets.
- DPRK using Maui ransomware against healthcare targets.
- Quantum computing and security standards.
- Cyber incidents, risk, and credit.
- FBI and MI-5 warn of Chinese industrial espionage.
- Cozy Bear sighting.
- NPM compromise updates.
- Free decryptors for AstraLocker and Yashma ransomware released.
Royal Army accounts hijacked.
Sunday afternoon the British Ministry of Defence Press Office tweeted a terse announcement that the MoD was aware of a cyber incident: "We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway. The Army takes information security extremely seriously and is resolving the issue. Until their investigation is complete it would be inappropriate to comment further." The Army's own feed took an apologetic line towards any disappointed followers: "Apologies for the temporary interruption to our feed. We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume." It took the British Army about five hours to wrest back control of its Twitter account, the Telegraph reports.
It's unknown who hijacked the accounts or why, and the MoD isn't saying anything until it understands what happened. The Telegram, quick to suspect the worst of the Russians, asked if the incident was a Russian operation, but the MoD had no comment--as they've said, they're not jumping to conclusions until they know more. Bitdefender notes that many have jumped to the conclusion that the incident must have been the work of a nation-state's espionage services, but it has an alternative explanation, arguably more probable: it was possibly crypto bros working an NFT scam. They note that the hijacked YouTube account featured an NFT come-on with the inevitable bogus Elon Musk attribution.