Twitter’s investigation of its Wednesday afternoon hack continues. Reuters reports pre-hack chatter on a grey market frequented by gamers, swappers, and skids offering to sell Twitter accounts, which suggests low-level criminal activity as opposed to state-directed espionage. KrebsOnSecurity has published some suggestive (albeit preliminary and inconclusive) evidence that it was indeed a well-executed but not fully thought-through criminal scam, organized by a SIM-swapper (nom de hack “PlugWalkJoe”) connected with the ChucklingSquad gang.
Bloomberg interviews a Darktrace co-founder who says that Cozy Bear’s hack of COVID-19 biomedical research put patient data as well as intellectual property at risk.
Australian intelligence services have joined their Five Eyes sisters in the UK, Canada, and the US in pointing to Russia’s Cozy Bear as the actor behind cyberespionage directed against such research, the Sydney Morning Herald reports.
Russia’s embassy in London, responding to “unfriendly statements by Foreign Secretary Dominic Raab,” said that Russia didn’t hack any biomedical research and didn’t attempt to influence any “democratic elections,” and it reiterated its offer to jointly investigate and adjudicate cyber issues. The embassy also hints that Moscow won’t take any British cyber retaliation lying down.
IBM’s X-Force has gained some insight into Iran’s ITG-18, a threat group IBM says “overlaps” Charming Kitten and Phosphorus, including the threat group’s training videos, left exposed by an Iranian operator’s opsec fumbles.
CISA is serious about the Windows DNS Server vulnerability mitigated this week. Emergency Directive 20-03 tells US Federal agencies to apply the patch by 2:00 PM Eastern time today.