Russia, Russia, Russia Is The Top Cyber Foe

Russia, Russia, Russia Is The Top Cyber Foe

Russia's Energetic Bear hacked two-state and local gov't computer networks, UK backs EU in sanctioning GRU for Parliament hacks, Government confirms Iran behind spoofed Proud Boys threats

Despite the Trump Administration’s efforts to cast Iran as an equal foe when it comes to cyberattacks, top intelligence officials have stressed that Russia is by far the biggest adversary to the U.S. in the digital realm. (Julian E. Barnes, Nicole Perlroth and David E. Sanger / New York Times), HOTforSecurity, Sydney Morning Herald, Ellen Nakashima, The Week, Stars and Stripes, The Hill: Cybersecurity,  Daily Kos, TechTarget, Infosecurity.US, Qualys Blog

Russia’s Energetic Bear Hacking Group Breached and Exfiltrated Data From Two Government Systems

In a joint security advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the U.S. government said that Russian state-sponsored hackers had targeted, and in two instances successfully breached U.S. state and local government computer networks. Officials identified the Russian hacker group as Energetic Bear. (Catalin Cimpanu / ZDNet)

Related: Axios, CBC , The Times of Israel, Reuters: World News, Politico,, The Hill: Cybersecurity, Daily Mail,, Daily Maverick, Channel News Asia, Bleeping Computer, The Hindu - News, Cyberscoop, US-CERT

UK Backs EU in Sanctioning Russia’s GRU for Attack on German Parliament

The UK has joined the EU in sanctioning Russian intelligence service GRU over its involvement in the 2015 cyberattack against the German Parliament. That attack targeted the parliament’s information system and affected its operation for several days. (Andrew McDonald / Politico EU)

Related: ZDNet Security,, Associated Press Technology, The Independent, Courthouse News Service, Slashdot, The Moscow Times, ZDNet Security, Deutsche Welle, The Moscow Times, DAILYSABAH, POLITICO EU,, Eur-Lex, Teller Report, The Moscow Times, Cyberscoop, Daily Mail, International Policy Digest, Security Affairs, Bleeping Computer, Slashdot

Government Officials Confirm Iran Was Behind Spoofed Proud Boys Emails, Video

The U.S. Government has publicly blamed Iran for spoofing the Proud Boys in thousands of threatening emails sent to voters in Florida, Alaska, Arizona, and other states. Motherboard obtained the video sent to some of those voters, which, according to one expert on Iran, “is reminiscent of a video ostensibly created by an Iranian domestic group after a series of mysterious explosions in the country, and an attack on a nuclear plant.” (Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard)

Related: AP News, Daily Mail, Yahoo News, ZDNet,  The Hill: Cybersecurity, HOTforSecurity, Reuters

Dutch Researcher Claims Successful Hack of Trump’s Twitter Account…Again

Dutch researcher Victor Gevers claims he hacked Donald Trump's Twitter account by guessing his password correctly as maga2020. Gevers said he could view his personal messages, post tweets in his name, and change his profile. Gevers took screenshots when he had access to Trump's account which were shared with de Volkskrant by the monthly opinion magazine Vrij Nederland. Twitter said it has seen no evidence to verify Gevers claims. (de Volkskrant)

Related: HackRead, Techradar, Neowin, Ars Technica, Forbes, The National, Mediaite, HackRead, Reddit - cybersecurity, Motherboard, Slashdot, Ars Technica, TechCrunch, iNews, Futurism, Boing Boing, Daily Dot, Input, The Guardian, The Mary Sue, The Verge, Fortune, Gizmodo Australia, Mashable, Jezebel, Reddit-hacking,, Threatpost, Slashdot

The U.S. Accuses China of Helping North Korea Launder Cryptocurrency Thefts

John Demers, the assistant attorney general for national security, accused China of helping North Korea launder money from massive cyber thefts it has carried out to raise funds in the face of international sanctions. Demers also said that North Korea was likely getting support from China in the form of cyber expertise and training. (David Brunnstrom, Michelle Nichols, Raphael Satter, and Mark Hosenball / Reuters)

Related: YonhapNews

Ransomware Attack on Georgia County Systems May Have Impacted Voting Infrastructure

A ransomware attack on Hall County, Georgia, about an hour north of Atlanta, which was made public on October 7 may have had negative effects on voting infrastructure that are just now coming to light. Among the affected systems are a voter signature database, as well as a voting precinct map hosted on the county's website. Officials there say despite the impact on these systems, the voting process remains unaffected. (Megan Reed / The Gainesville Times)

Related:, New Europe, The Record

Drug Company Working on Russian COVID-19 Vaccine Crippled by Ransomware Attack

Hyderabad-based pharma company Dr. Reddy’s Laboratories has closed down all of its plants following a suspected ransomware attack. The attack came days after the company was given approval in India to conduct phase 2 and 3 clinical trials of the Russian Covid vaccine Sputnik V. The company said it expected to resume operations within 24 hours. (Regina Mihindukulasuriya / The Print)

Related: Business Standard, Devdiscourse, NDTV

Other Infosec Developments

  • Security company Arctic Wolf closed a $200 million Series E funding round that values it at $1.3 billion, becoming the first cloud-native managed detection and response (MDR) vendor to reach unicorn status. The round was led by Viking Global Investors, but also received participation from DTCP and existing investors. (Ionut Arghire / Security Week)
  • Following sexually-tinged tweets sent from Fort Bragg’s official Twitter account, Fort Bragg officials claimed that the Twitter account had been 'hacked' by some anonymous adversary. As it turns out, the administrator of the Fort Bragg account admitted to sending the offensive tweets. (Jared Keller / Task and Purpose) Related: Miami Herald, New York Daily News, Stars and Stripes, Daily Mail
  • A database with information on virtually the entire US voting population, containing 186 million records, has been circulated on hacker forums, opening up the potential for disinformation and scams that could impact the November 3 election, researchers from Trustwave report. The database "includes a shocking level of detail about citizens including their political affiliation" according to Trustwave. (AFP)Related: Cyber Shafarat, Business Insider, Daily Mail, Tech Xplore, Raw Story
  • European IT services group Sopra Steria, which also claims to be a specialist in cybersecurity, has been hit by a suspected ransomware attack. Press reports indicate that the Ryuk ransomware is the culprit. (Graham Cluley)Related: Finextra Research news, DataBreaches.netPhoto by Марьян Блан | @marjanblan on Unsplash

Read more