EU Accuses Russian State Hackers of Meddling With Member States' Elections, Political Systems

Google warns of zero-day exploited in the wild, The Epik hack continues to reverberate, CIA reportedly plotted to kidnap and even kill Assange over Vault 7 leaks, Hackers steal Oath Keeper data, more

The European Union formally accused the Russian government and its state hacking group called Ghostwriter of meddling inside the elections and political systems of several E.U. states.

Since 2017, the group has primarily targeted officials and news sites inside Latvia, Lithuania, and Poland. However, its most infamous attack was an attempt to distribute a forged letter from the NATO Secretary-General to Lithuania’s Defense Ministry purporting to announce the withdrawal of NATO troops from the country. (Catalin Cimpanu / The Record)

Related: Tech Times, European Council, Bleeping Computer, Security News | Tech Times, The Hill: Cybersecurity, TechCrunch, Japan Today, Associated Press Technology, Infosecurity Magazine

Google issued an emergency update addressing a high-severity zero-day vulnerability exploited in the wild affecting Chrome for Windows, Mac, and Linux. Exploiting the vulnerability can let attackers execute arbitrary code on computers running unpatched Chrome versions.

Clément Lecigne from Google TAG, with assistance from Sergei Glazunov and Mark Brand from Google Project Zero, reported the flaw (CVE-2021-37973) on September 21, the first day the Google Chrome 94 stable release was published. (Sergiu Gatlan / Bleeping Computer)

Related: Tom's Guide, Bleeping Computer, US-CERT Current Activity, Chrome, The Hacker News, Security Week

Following Lithuania’s advice to its citizens not to purchase phones from Chinese manufacturer Xiaomi and to throw out any already-purchased Xiaomi phones, Germany is now launching its own investigation into certain Chinese phones, according to press reports.

Lithuania found a dormant censorship configuration that can be activated remotely in one model of Xiaomi phones sold in Europe. (Sarah Anne Aarup / Politico EU)

Related: NDTV, The Register - Security, Big News Network

The “Quad” group of nations, including Australia, India, Japan, and the U.S., announced various non-military technology initiatives, including cybersecurity efforts, to establish global cooperation on critical and emerging technologies, such as A.I., 5G, and semiconductors.

One of the initiatives is to launch a new Quad Senior Cyber Group that consists of "leader-level experts" who will meet regularly to advance work between government and industry. The group’s goals are to drive the adoption and implementation of shared cyber standards, develop secure software, grow the tech workforce and promote scalability and cybersecurity of secure and trustworthy digital infrastructure. (Campbell Kwan / ZDNet)

Related: MediaNama, The Register - Security, The White House

The breach by hacktivist group Anonymous of hard-right web hosting and domain registrar company Epik has cast a light on a long-murky corner of the internet, making available tens of millions of pages of information on Epik’s customers and exposing information on 110,000 customers.

Epik calls the hack “an egregious violation against our users” and contends that “domains affiliated with right-wing politics comprise less than 1 percent of users.” (Drew Harwell, Hannah Allam, Jeremy B. Merrill, and Craig Timberg / Washington Post)

Related: Inman

Former officials say the CIA, under the leadership of Mike Pompeo, plotted to kidnap and even toyed with the idea of killing Wikileaks founder Julian Assange as he entered his fifth year of asylum in Ecuador’s embassy in London.

Despite Assange’s role in leaking data favorable to Donald Trump in the run-up to the 2016 election, the agency was angered by WikiLeaks’ ongoing publication of extraordinarily sensitive CIA hacking tools, known collectively as “Vault 7,” the most extensive data loss in CIA history. (Zach Dorfman, Sean D. Naylor and Michael Isikoff / Yahoo News)

A hacker claims to have stolen 5 GB of data from the Oath Keepers, the far-right militia group whose members were present at the January 6 insurrection.

The data, provided to the journalist and transparency collective Distributed Denial of Secrets (DDoSecrets), contains everything from emails and internal chats to details on the organization’s members and donors, including the militia’s Rocket.Chat server, an open-source communication platform where members coalesce. A membership list of the organization contains 38,000 email addresses, many of them official U.S. military email addresses. It’s not clear if this hack is connected to Anonymous’s breach of hard-right website hosting and domain registrar company Epik. (Mikael Thalen / Daily Dot)

A national security watchdog group called Property of the People discovered that an obscure arm of the United States Postal Service called the Inspection Service’s Internet Covert Operations Program (iCOP) sent bulletins to law enforcement agencies around the country on how to view social media posts that had been deleted in the aftermath of the January 6 insurrection.

iCOP also scrutinized posts on the fringe social media network Wimkin. A spokesperson for the U.S. Postal Inspection Service said the agency reviews public social media posts as part of “a comprehensive security and threat analysis.” (Betsy Woodruff Swan / Politico)

Photo by ALEXANDRE LALLEMAND on Unsplash