the Sydney Morning Herald – РИСК-АКАДЕМИЯ – АНО ДПО ИСАР

Twitter hack looks like high-end low-grade crime. More Cozy Bear and Charming Kitten. CISA tells US Feds to patch Windows now.

riskacademy — Sat, 18 Jul 2020 10:33:48 +0000

Twitter’s investigation of its Wednesday afternoon hack continues. Reuters reports pre-hack chatter on a grey market frequented by gamers, swappers, and skids offering to sell Twitter accounts, which suggests low-level criminal activity as opposed to state-directed espionage. KrebsOnSecurity has published some suggestive (albeit preliminary and inconclusive) evidence that it was indeed a well-executed but not fully thought-through criminal scam, organized by a sim-swapper (nom de hack “PlugWalkJoe”) connected with the ChucklingSquad gang.

Bloomberg interviews a Darktrace co-founder who says that Cozy Bear’s hack of COVID-19 biomedical research put patient data as well as intellectual property at risk.

Australian intelligence services have joined their Five Eyes sisters in the UK, Canada, and the US in pointing to Russia’s Cozy Bear as the actor behind cyberespionage directed against such research, the Sydney Morning Herald reports.

Russia’s embassy in London, responding to “unfriendly statements by Foreign Secretary Dominic Raab,” said that Russia didn’t hack any biomedical research, didn’t attempt to influence any “democratic elections,” and that it reiterated its offer to…

Government directed attacks, hacktivism, and designated propaganda outlets.

riskacademy — Tue, 23 Jun 2020 23:19:20 +0000

International conflict continues to breed attendant cyber offensive operations and apparent hacktivism. India, which has seen minor but lethal skirmishes with China along their disputed border, continues to warn its businesses, organizations, and government agencies to be alert for continued Chinese cyberattacks. The Outlook reports that New Delhi’s security agencies are distributing an alert from CERT-IN that many such attacks can be expected to take the form of COVID-19-themed phishing. Inc42 says that researchers at Cyfirma have been monitoring dark web chatter that appears to confirm such warnings.

Zscaler has taken a look at last week’s warning from the Australian Cyber Security Centre about “Copy-paste compromises” used against Australian networks. None of the reported exploits involve zero-days; all take advantage of known and patchable vulnerabilities. These and several other recent campaigns against Australian targets have been widely attributed to China, as the Sydney Morning Herald summarizes.

And one case of possible hacktivism (or possibly state-directed hacktivism) has appeared in Ethiopia. Addis-Ababa says, according to Borkena, that unspecified Ethiopian…