Four critical infrastructure organizations in a South East Asian country were targeted in an intelligence-gathering campaign that continued for several months, Symantec Threat Hunter Team has found. Among the organizations targeted were a water company, a power company, a communications company, and a defense organization, with evidence the attackers were interested in information about SCADA systems.
Indeed, over the past few years, ransomware operators have shifted tactics, moving from widespread targeting intended to collect smaller ransoms from several entities to being more selective in what organizations are targeted and setting larger ransom amounts. One recent tactic revealed ransomware operators using virtual machine to evade detection, which was quickly adopted by other groups.
ESET researchers discovered a previously undocumented backdoor and document stealer used for cyber-espionage. ESET has been able to attribute the program, dubbed Crutch by its developers, to the infamous Turla APT group. It was in use from 2015 until at least early 2020. ESET has seen Crutch on the network of a Ministry of Foreign Affairs in a country of the European Union, suggesting that this malware family is only used against very specific targets. These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators.
As the 2020 U.S. presidential election nears, there has been a rise in mercenary hacking groups and cyber espionage. Some say this a direct result of the current administrations’ increasingly isolationist global foreign policy, and that the U.S.’ status in the global cyber domain should be a major discussion point before November.
ESET researchers have analyzed a new version of Android spyware used by APT-C-23, a threat group active since at least 2017 that is known for mainly targeting the Middle East. The new spyware, detected by ESET security products as Android/SpyC23.A, builds upon previously reported versions with extended espionage functionality, new stealth features and updated C&C communication.
As September is National Insider Threat Awareness Month, there is no better time than the present to seriously reconsider how we educate America’s next generation of business leaders about these critical intelligence issues. As we wait on MBA programs to catch up to America’s new geopolitical reality, these are the three most important issues business schools, early stage entrepreneurs, and even seasoned pros should consider as they protect their life’s work.