Russia-Based Hacking Group Released Pro-Brexit Leaders' Emails on Leak Site

Twitter to pay $150 million to settle government privacy lawsuit, Nigeria arrests likely SilverTerrier leader, Spain's PM to implement reforms in wake of Pegasus scandal, ProtonMail is now Proton, mor

Check out my latest CSO column, which examines how the Ukrainian tractor bricking incident reported earlier this month points to possible security threats to the agriculture industry.

Photo by Alexander Andrews on Unsplash

A new website called Very English Coop d'Etat that published leaked emails from several leading proponents of Britain's exit from the European Union is tied to a Russia-based hacking group called Cold River, according to Google’s Threat Analysis Group and the former head of UK foreign intelligence Richard Dearlove.

The website published private emails from Dearlove, leading Brexit campaigner Gisela Stuart, pro-Brexit historian Robert Tombs, and other supporters of Britain's separation from the EU. The emails mainly appear to have been exchanged using ProtonMail. The site contends it is part of a group of hardline pro-Brexit figures secretly calling the shots in the United Kingdom.

Thomas Rid, a cybersecurity expert at Johns Hopkins University, said, "What jumps out at me is how similar the M.O. is to Guccifer 2 and DCLeaks," he said, referring to two of the sites that disseminated leaked emails stolen from Democrats in the run-up to the 2016 U.S. presidential election. (Raphael Satter, James Pearson, and Christopher Bing / Reuters)

Related: NBC News, Tech Monitor, Dark Reading, Gadgets Now, CyberNews, The Independent, TechRadar, EURACTIV.com, NDTV Gadgets360.com, The Register, Slashdot, The Tech Outlook

Shane Huntley @ShaneHuntley

Article on latest Russian efforts. The "English Coop" website was linked to what the Google knew as "Cold River," a Russia-based hacking group. We're able to see that through technical indicators. EXCLUSIVE Russian hackers are linked to new Brexit leak website, Google saysA new website that published leaked emails from several leading proponents of Britain’s exit from the European Union is tied to Russian hackers, according to a Google cybersecurity official and the former head of UK foreign intelligence.reuters.com

May 25th 2022

7 Retweets8 Likes

Kevin Collier @kevincollier

Russian intelligence playing the old hits: hack-and-leak sites and pushing seemingly authentic Brexit docs as a divisive issue.

Raphael Satter @razhael

New & developing story: A leak website has emerged and is distributing private emails from high-profile Brexit supporters, including ex-MI6 boss Richard Dearlove. Dearlove blames Moscow. And now Google's Threat Analysis Group backs his assessment. https://t.co/rmkFF3RyGJ

May 25th 2022

In one of the most significant privacy settlements involving a tech company, the Federal Trade Commission (FTC) and the Justice Department announced that Twitter would pay a $150 million fine to settle allegations that it deceptively used email addresses and phone numbers it had collected to target advertising.

The regulators said the company is also banned from profiting off the “deceptively collected” data and be required to notify the more than 140 million users who were affected that it used their phone numbers and email addresses for advertising. The Twitter fine is significantly smaller than the $5 billion fine that the FTC imposed on Facebook in 2019 but is slightly higher than the 2018 settlement that states reached with Uber over a 2016 data breach. (Cat Zakrzewski / Washington Post)

Related: News : NPR, 9to5Mac, Bleeping Computer, UPI.com, CNBC Technology, The Block, Motherboard, Courthouse News Service, protocol, Engadget, Insider Paper, Reuters: World News, Technology News | Boston.com, The New Daily, Associated Press Technology, The Independent, Security Week, Business Insider, Variety, Washington Examiner, Washington Post, DNA India, Variety, Insider Paper, Technology | The Hill, Telecompaper Headlines, UPI.com, UPI.com, CNBC, The Hacker News, Courthouse News Service, Protocol, Pixel Envy, 9to5Mac, OpIndia, Washington Examiner, Business Insider, The Financial Express, Silicon Republic, Mashable, TechDator, Tech Xplore, Technology News | Boston.com, Associated Press Technology, The New Daily, The Independent, Security Week, iTech Post : Latest News, CNN, Federal Trade Commission, Justice Department

After a year-long investigation codenamed Delilah, the Nigeria Police Force has arrested an individual believed to be in the top ranks of a significant business email compromise (BEC) group known as SilverTerrier or TMT.

Palo Alto Networks and Group IB collaborated with Interpol for Operation Delilah and cybersecurity company Trend Micro, providing threat intelligence, telemetry data, and other insights about BEC actors. This latest operation follows two other Interpol operations, Falcon I in 2020 and Falcon II in 2021, which resulted in the arrest of 14 SilverTerrier members. The individual arrested in March escaped the arrest during the Falcon II operation by fleeing Nigeria in June 2021, and he was caught when trying to get back home. (Ionut Ilascu / Bleeping Computer)

Related: Interpol, Group-IB, Dark Reading, Security Affairs, The Hacker News, Cyberscoop, The Record by Recorded Future, PCMag.com, Security Week, Palo Alto Networks

Privacy-focused email provider ProtonMail is rebranding itself simply as Proton, emphasizing its whole suite of privacy-focused services and updating its plans.

The company has a new website (proton.me), and both new and existing users can use the @proton.me address rather than the old @protonmail.com option. In addition, proton now offers Free, Mail Plus, and Unlimited tiers. The new free tier expands storage to 1GB but remains relatively constrained, with users able to send only 150 messages per day and have three labels and folders, for example. (Nathan Ingraham / Engadget)

Related: PCMag.com, Android Police, reddit TECH NEWS, 9to5Mac, geekinteger, Hacker News: Newest, Slashdot

Researchers from Crowdstrike observed a threat actor that focused mainly on targeting Linux and Solaris systems using the custom-built BPFDoor implant on telecommunications providers to steal personal user information (e.g., call detail records, data on specific phone numbers).

The company is tracking the backdoor under the name JustForFun and attributes it to an adversary they refer to as DecisiveArchitect. They have provided details about how defenders can detect the BPFDoor implant and highlight techniques used across Solaris systems. (Ionut Ilascu / Bleeping Computer)

Related: Crowdstrike

Spain’s Prime Minister said that his government would “strengthen judicial control” over its secret services in the wake of a scandal over the hacking of the mobile phones of top politicians with Israeli-produced spyware.

“It is a question of strengthening the guarantees of this control but also of ensuring maximum respect for the individual and political rights of people,” Sanchez told parliament as he announced the reform. (AFP)

Related: Al Jazeera

profdeibert @RonDeibert

🇪🇸 PM says secret service needs reform after Pegasus scandal 👍 But he also questions @citizenlab methods. Strangely, no one from Spanish gov has requested to meet with us to validate🤔 He must be getting his intel from the kooks on Twitter.

Europa Press @europapress

Sánchez dice que desconocía el espionaje a independentistas y cuestiona la metodología del informe de Citizen Lab https://t.co/ufavh8Kgle

May 26th 2022

1 Retweet7 Likes

Developers for Tails (short for The Amnesic Incognito Live System) warned users to stop using the portable Debian-based Linux distro until the next release if they enter or access sensitive information using the bundled Tor Browser application.

The warning was prompted by two critical zero-day bugs in the Firefox JavaScript engine (tracked as CVE-2022-1802 and CVE-2022-1529), exploited during the first day of the Pwn2Own 2022 Vancouver hacking contest and patched by Mozilla two days later. The flaws do not affect Tor Browser users when used on the Safest security level because it automatically disables JavaScript while browsing. Moreover, Thunderbird users are not impacted because the version bundled with the Tails Linux distro has JavaScript disabled by default. (Sergiu Gatlan / Bleeping Computer)

Related: The Hacker News, Reddit

Researchers at Red Canary report that the ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, causing the browser hijack to become a widespread threat.

ChromeLoader is a browser hijacker that can modify the victim's web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites. The operators of the hijacker use a malicious ISO archive file to infect their victims, which masquerades as a cracked executable for a game or commercial software, so the victims likely download it themselves from torrent or malicious sites. (Bill Toulas / Bleeping Computer)

Related: Red Canary

Operational technology and critical infrastructure security solutions provider Xona announced it had raised $7.2 million in a Series A venture funding round.

DataTribe Opportunities Fund led the round with participation from TFX Capital and individual investors. (Matt Hooke / Biz Journals)

Related: FinSMEs, Help Net Security, Business Wire