The actors of the Vietnamese threat are back on the news. Over the long weekend, Trend Micro researchers described a recently discovered macOS backdoor that they believe is associated with the OceanLotus group of Hanoi. And the Microsoft 365 Defender Threat Intelligence team found that the group they track as Bismuth (and which they associate with OceanLotus, APT32) is actively deploying a Monero miner against its victims. The development is interesting: North Korea’s Lazarus Group has long been an anomaly among state-directed threat actors as financial gain was an important goal. It appears that the services of Vietnam may be headed down the same path.
Spamhaus encountered a suspicious revival: Fifty-two North American-based dormant networks suddenly became active within days. All are physically housed in Greater New York. Although inactive networks come back to life from time to time, researchers suspect that so many must essentially re-emerge simultaneously, with no obvious connections to each other.
A significant criminal campaign against German internet users is underway. Malwarebytes finds the campaign unusual in that the criminals are serving the Gootkit banking Trojan or the REvil (Sodinokibi) ransomware.
The US Supreme Court yesterday heard the arguments in a case that challenged a broad interpretation of the Computer Fraud and Abuse Act. The Wall Street Journal says a decision should arrive by June.
The Baltimore Sun reports that Baltimore County public schools expect to be sufficiently recovered from the ransomware attack they suffered last week to be able to resume education tomorrow.
.[ad_2]Source link