Featured the cyberwire

Published on February 20th, 2021

Lightning & Thunder in Amsterdam. Microsoft concludes Solorigate inquiry. Threat actors at work on new Macs. Lessons from ice.



The Netherlands Times reports that an investigation by Bitdefender (in cooperation with the radio news outlet Argos) has uncovered a large cyberespionage operation, apparently Iranian in origin, that’s managed to establish its infrastructure in two Amsterdam data centers. The basic malware, “Foudre” (“lightning,” in French), was identified in 2016 and has been active for about a decade. It’s added new command-and-control capabilities as well as a new component, “Tonnerre” (“thunder”), for persistence, surveillance and data exfiltration. The operation appears to target devices in the Netherlands, Germany, Sweden, and India.

Microsoft published what it calls its “final update” on Redmond’s internal investigation of Solorigate yesterday. They found no evidence that threat actors gained access to either production servers or customer data, and concluded that Microsoft systems weren't used to attack third parties. They did find signs that intruders were able to inspect some code repositories for Azure cloud identity and security programs, for Exchange, and for Intune mobile management.

ESET reports that threat actors have begun to work on Apple's new, month-old Silicon M1 Macs, the ones equipped with Apple's in-house chips. Red Canary calls the "activity cluster" "Silver Sparrow," and says it lacks a payload.





The Texas winter storms aren't, of course, a cyber incident, but they may hold lessons for business continuity and recovery planning against the possibility of cyberattacks on power grids. In this case, according to the Wall Street Journal, a number of data centers have done fine, but the storm's been harder on humans than machines.
