At a glance.
- The GRU and cyber gangs.
- Cyber mercenaries.
- TeamTNT may be back.
- Risky piracy sites.
- Developments in the Uber breach, and tentative attribution.
- Rockstar and 2K Games sustain criminal attacks.
- Emotet and other malware delivery systems.
- Trends in resilience.
- Readiness for quantum security.
- Leveraging Netflix for credential harvesting.
- The LastPass incident.
- Gootloader's malicious blogging.
- Metador's unattributed cyberespionage.
- Malicious NPM packets.
- Pay card theft ring unmasked.
- Patch news.
- Criminal and civil cases.
CISA warns of Iranian cyber activity.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint warning with the FBI outlining the conduct of the cyber campaign Iran waged earlier this month against Albania. The warning includes recommended protections and mitigations should the campaign spill over to targets outside Albania. Listen to CISA's warning on the CyberWire.
The GRU's close coordination with cyber criminals.
A report in the Wall Street Journal, citing research by Google's recently acquired Mandiant unit, describes the "unprecedented" ways in which the Russian state's sufferance and toleration of cyber criminal gangs have evolved into active coordination and direction. The relationship has apparently developed well beyond the familiar permissive privateering the gangs have been encouraged to undertake. Mandiant's report focuses on the GRU, which is organizing the activities of nominally hacktivist groups and supplying them with GRU tools to attack Ukrainian networks. Killnet is among the hacktivist front groups probably associated with the GRU.
SentinelLabs has published an update on the Void Balaur cyber mercenary group. The hack-for-hire operation, which has operated in the criminal-to-criminal market since 2016, has expanded its activities. "New targets include a wide variety of industries, often with particular business or political interests tied to Russia." It's not generally clear who the group's customers are, but SentinelLabs points to some indications that a Russian security service may be among them: "A unique and short-lived connection links Void Balaur's infrastructure to the Russian Federal Protective Service (FSO), a low-confidence indication of a potential customer relationship or resource sharing between the two."
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.