At a glance.
- Five Eyes call out GRU cyberespionage campaign.
- Russian hacktivist auxiliary hits Polish and Czech organizations.
- Investigation of railroad incidents in Poland continues.
- DPRK's Lazarus Group exploits ManageEngine issues.
- China's GREF deploys tools used against Uyghurs in broader espionage.
- Cyberespionage campaign by Earth Estries.
- Chinese influence campaign taken down by Meta was long-running and persistent.
- Adversary-in-the-middle attacks.
Five Eyes call out GRU cyberespionage campaign.
Early Thursday, the Five Eyes--the intelligence services of Australia, Canada, New Zealand, the United Kingdom, and the United States--issued a joint advisory providing further details on the malware, "Infamous Chisel," used in a GRU cyberespionage campaign first described early this month by Ukraine's SBU. Infamous Chisel targets Android devices on behalf of Sandworm, the threat group associated with the GRU's Main Centre for Special Technologies (GTsST). The US Cybersecurity and Infrastructure Security Agency (CISA) explains that "It performs periodic scanning of files and network information for exfiltration," including system and application configuration files. It "provides network backdoor access via a Tor (The Onion Router) hidden service and Secure Shell (SSH)," as well as other capabilities that include "network monitoring, traffic collection, SSH access, network scanning, and SCP file transfer." Infamous Chisel isn't sophisticated or well-crafted malware: the Five Eyes assess its components as representing "low to medium sophistication," and they "appear to have been developed with little regard to defense evasion or concealment of malicious activity." Its targets seem to have been mainly Ukrainian military devices.