ZDNet: Transparent Tribe APT targets government, military by infecting USB devices. “Transparent Tribe is involved in campaigns against government and military personnel, revealing a new tool designed to infect USB devices and spread to other systems. The advanced persistent threat (APT) group, as previously tracked by Proofpoint (.PDF), has been in operation since at least 2013 and has previously been connected to attacks against the Indian government and military.”
state-sponsored actors
Twitter Blog: New labels for government and state-affiliated media accounts
Twitter Blog: New labels for government and state-affiliated media accounts. “Twitter provides an unmatched way to connect with, and directly speak to public officials and representatives. This direct line of communication with leaders and officials has helped to democratize political discourse and increase transparency and accountability. We also took steps to protect that discourse because we believe political reach should be earned not bought. In 2019, we banned all state-backed media advertising and political advertising from Twitter. Today we’re expanding the types of political accounts we label.”
AP: US accuses Chinese hackers in targeting of COVID-19 research
AP: US accuses Chinese hackers in targeting of COVID-19 research. “Hackers working with the Chinese government targeted firms developing vaccines for the coronavirus and stole hundreds of millions of dollars worth of intellectual property and trade secrets from companies across the world, the Justice Department said Tuesday as it announced criminal charges.”
ZDNet: Chinese state hackers target Hong Kong Catholic Church
ZDNet: Chinese state hackers target Hong Kong Catholic Church. “China’s government hackers have targeted members of the Hong Kong Catholic Church in a series of spear-phishing operations traced back to May this year.”
Russian Criminal Group Finds New Target: Americans Working at Home (New York Times)
New York Times: Russian Criminal Group Finds New Target: Americans Working at Home. “A Russian ransomware group whose leaders were indicted by the Justice Department in December is retaliating against the U.S. government, many of America’s largest companies and a major news organization, identifying employees working from home during the pandemic and attempting to get inside their networks with malware intended to cripple their operations.”
Twitter Blog: Disclosing networks of state-linked information operations we’ve removed
Twitter Blog: Disclosing networks of state-linked information operations we’ve removed. “Today we are disclosing 32,242 accounts to our archive of state-linked information operations — the only one of its kind in the industry. The account sets we’re publishing to the archive today include three distinct operations that we have attributed to the People’s Republic of China (PRC), Russia, and Turkey respectively. Every account and piece of content associated with these operations has been permanently removed from the service.”
Vanity Fair: Hackers Are Already Screwing With the 2020 Election
Vanity Fair: Hackers Are Already Screwing With the 2020 Election. “The vulnerabilities of online voting underscore the broader concerns about this year’s election. Observers already warned that Russia, which meddled in the 2016 election on Trump’s behalf, and other bad actors are seeking to interfere with this cycle.”
CBS News: NSA warns of new cyberattacks by Russian military hackers
CBS News: NSA warns of new cyberattacks by Russian military hackers. “A notorious hacking team backed by the Russian government has been exploiting a serious flaw in commonly used email software, the National Security Agency (NSA) warned Thursday, issuing a rare advisory that publicly attributed attempts to utilize the software flaw to a nation-state actor.”
Bleeping Computer: Russian cyberspies use Gmail to control updated ComRAT malware
Bleeping Computer: Russian cyberspies use Gmail to control updated ComRAT malware. “ESET security researchers have discovered a new version of the ComRAT backdoor controlled using the Gmail web interface and used by the state-backed Russian hacker group Turla for harvesting and stealing in attacks against governmental institutions.”
NBC: China launches new Twitter accounts, 90,000 tweets in COVID-19 info war
NBC News: China launches new Twitter accounts, 90,000 tweets in COVID-19 info war. “China has launched a Twitter offensive in the COVID-19 information war, more than doubling its number of official government tweets since January and in recent days using the platform to spread a conspiracy theory that the virus came from a U.S. government lab.”
RadioFreeEurope: EU Monitor Sees Drop In COVID-19 Disinformation, Urges Social Media To Take More Action
RadioFreeEurope: EU Monitor Sees Drop In COVID-19 Disinformation, Urges Social Media To Take More Action. “EU monitors say they have seen ‘at least a temporary decrease’ in the amount of misinformation and disinformation surrounding the coronavirus pandemic, but external actors, notably pro-Kremlin sources, are still active in spreading false information on the outbreak. In a report released on May 20, the strategic communications division of the European diplomatic corps, the European External Action Service (EEAS), said that, while social media companies continue to invest into detecting and countering misinformation and disinformation on their platforms, ‘it is clear that much more needs to be done.'”
BloombergQuint: China’s Disinformation Campaign Targets Virus, Researcher Says
BloombergQuint: China’s Disinformation Campaign Targets Virus, Researcher Says. “An army of bot accounts linked to an alleged Chinese government-backed propaganda campaign is spreading disinformation on social media about coronavirus and other topics, including an exiled businessman, according to a London-based researcher. The accounts have been used to promote content attacking critics of the Chinese government and to spread conspiracy theories blaming the U.S. for the origins of virus, according to Benjamin Strick, who specializes in analyzing information operations on social media websites.”
Exclusive: Iran-linked hackers recently targeted coronavirus drugmaker Gilead – sources (Reuters)
Reuters: Exclusive: Iran-linked hackers recently targeted coronavirus drugmaker Gilead – sources. “Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, according to publicly-available web archives reviewed by Reuters and three cybersecurity researchers, as the company races to deploy a treatment for the COVID-19 virus.”
State report: Russian, Chinese and Iranian disinformation narratives echo one another (Politico)
Politico: State report: Russian, Chinese and Iranian disinformation narratives echo one another. “China, Iran and Russia are using the coronavirus crisis to launch a propaganda and disinformation onslaught against the United States, the State Department warns in a new report. The three governments are pushing a host of matching messages: that the novel coronavirus is an American bioweapon, that the U.S. is scoring political points off the crisis, that the virus didn’t come from China, that U.S. troops spread it, that America’s sanctions are killing Iranians, that China’s response was great while the U.S.’ was negligent, that all three governments are managing the crisis well, and that the U.S. economy can’t bear the toll of the virus.”
Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus – sources (Reuters)
Reuters: Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus – sources. “Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.”