Hi, folks,

This may impact some of you:

https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html

That URL contains two PDFs (linked near the bottom) - one with a narrative report, and another with indicators of compromise. You may benefit from searching through your IDS and netflow logs for these IOCs.

On a related note, I've seen a number of examples lately of IT folks being targeted where they're less on guard (e.g. home/personal infrastructure) as a vector for gaining access to juicier targets at their employers. You don't have to be personally wealthy or otherwise of direct interest to be of use to an attacker.

Graham Freeman

https://graham-freeman.info/