Newsletters

The US government says that RT (formerly known as Russia Today) has morphed from a news organization into a fully active intelligence asset for the Russian government.

The US State Department says that at the start of 2023, the Russian government embedded a Russian intelligence unit with cyber capabilities inside RT.

State officials did not explain the role of this unit but say that since then, RT has engaged in "information operations, covert influence, and military procurement" across Europe, Africa, and North and South America.

A mysterious threat actor has built a giant botnet by infecting over 1.3 million Android TV set-top boxes across the globe.

The devices were infected with a new backdoor named Vo1d.

The malware's main function is to gain reboot persistence on the device through three different methods and then watch a folder and install any Android APK file placed there.

A new report finds the global spyware market is concentrated in Israel, India and Italy and that a few individuals have founded a number of spyware vendors. 

Mythical Beasts and Where to Find Them, from the Atlantic Council's Digital Forensics Research Lab (DFRLab), attempts to map the global spyware market and identify links between firms, based on public reporting coupled with searches of corporate registries and databases. 

DFRLab found information on:

A UK anti-corruption organization has published a report this week warning that the UK's top police investigative body—the UK National Crime Agency (NCA)—is close to a critical collapse, describing it's current state as "on its knees."

According to the Spotlight on Corruption, the NCA is dealing with huge staff turnover, recruitment issues, and chronically low pay. The study's results are below:

Eleven years after its creation, the study highlights the agency's stagnation and the lack of attention and reform from the British government.

Microsoft announced last week two changes to its products designed to boost the company's security posture.

Redmond plans to disable ActiveX in Office apps in October and then harden the Windows CFLS logging service against logic bugs in future versions of Windows 11.

Both are important steps that address some of today's biggest attack surfaces in Windows.

The US government orchestrated its largest crackdown against Russia's disinformation apparatus on Wednesday, coming out with indictments, sanctions, visa restrictions, site takedowns, and rewards for information on some of the individuals involved.

US officials have formally accused the Kremlin of interfering again in the US Presidential Election, mainly through the work of several of its entities pushing to promote Donald Trump and the Republican Party.

The actions hit well-known purveyors of Russian propaganda, such as Doppelganger, Structura, RRN, SDA, and even RT (formerly Russia Today).

Google has discovered exploits developed by commercial spyware vendors being used by Russian government espionage groups.

Per Google's Threat Analysis Group (TAG): 

TAG does not know how these attackers acquired these exploits. However, by the time attackers used them, they had been patched and were no longer 0days.

The White House has published a roadmap this week with its top recommendations for improving the security of internet routing protocols.

The document [PDF] specifically looks at ways of improving the security of the Border Gateway Protocol (BGP), the technology responsible for directing internet traffic between different networks across  all the globe.

The White House started looking into BGP security in 2022 as part of a concerted US government effort to secure internet routing and prevent foreign actors from hijacking traffic from American networks using attacks known as BGP hijacks.

The US Department of Justice has charged a Romanian and a Serbian man for a years-long swatting campaign that terrorized US citizens, including multiple senior government officials.

Officials say a 26-year-old Romanian named Thomasz Szabo was the moderator of an online chatroom called "Shenanigans," where he planned swatting and fake bomb threats since December 2020.

Szabo allegedly worked closely with a 21-year-old from Serbia named Nemanja Radovanovic.

An Iranian cyber contractor has been moonlighting as an initial access broker and providing support for ransomware gangs as a way to fill their personal coffers.

In a joint report published this week, CISA, the FBI, and the DOD's cybercrime division say that an Iranian group tracked as Pioneer Kitten (Fox Kitten, UNC757, Parisite, RUBIDIUM, Lemon Sandstorm) has created successful personas on the criminal underground where it sells access to the networks of hacked companies.

The group has operated using hacker names such as "Br0k3r" and "xplfinder" and has been observed selling access to affiliates for the AlphV, NoEscape, and RansomHouse ransomware operations.