More malware designed to operate against air-gapped systems. British utility hacked. Super villains and foreign ministers.
Two more malware strains targeting air-gapped systems have joined the Ramsay malware ESET described Wednesday. Trend Micro has announced its discovery of USBFerry, a tool the Tropic Trooper threat actor is using against Philippine and Taiwanese military targets. Tropic Trooper, also known as KeyBoy, is probably a Chinese government unit. And Kaspersky has found COMPfun active against European diplomatic organizations; the researchers attribute it to the Turla APT, a Russian state-sponsored operation. The functionality that gives all three tools the ability to work against air-gapped systems is neither particularly spooky nor exotic: it's the way they move malware and data between targeted systems and removable storage media. Eventually somebody plugs something in.
British electrical utility Elexon yesterday disclosed that its "internal IT systems" and "laptops" had been affected by an unspecified cyberattack. ZDNet thinks it looks like a ransomware attack, perhaps enabled by Elexon's use of an outdated and unpatched Pulse Secure VPN. In any case, as the Guardian reports, the "lights stay on": transmission remains unaffected.
Indulging national pride in what almost amounts to an admission against interest, TASS is authorized to disclose that all the world's "top cyber villains" speak Russian, because Russians are the best programmers. So, ваше лучше, наши друзья, but not when it comes, apparently, to hacking Kanzlerin Merkel. Whatever they're saying in Berlin, Russian Foreign Minister Lavrov harrumphs (according to the Moscow Times) that for five years there's been "not one single concrete fact provided." Pay no attention to that GRU-man behind the curtain: no super villains there.
Gloss