CERT-In warns transportation sector. Project Zero on a sophisticated zero-day campaign. SilverFish described. REvil hits Acer.

The Business Standard reports that India’s Ministry of Road Transport and Highways yesterday alerted the country’s transportation sector to expect cyberespionage. The Hindu Businessline says a note they obtained represents CERT-In’s conclusions: “CERT-In has observed continued targeted intrusion activities from Chinese state-sponsored actors towards Indian transport sector with the possible intention to collect intelligence and conduct cyber espionage.”

Google’s Project Zero has published an update on a campaign it began tracking last year, with additional information on seven zero-days its researchers detected a threat actor using this past October. Windows, iOS, and Android systems were affected; victims were usually infected in watering hole attacks. The unknown threat actor used a total of eleven zero-days over the campaign’s yearlong run. Developing those zero-days would have been expensive, and the infrastructure used was large and carefully constructed.

Researchers at Swiss security firm Prodaft report that they’ve identified a threat actor (“SilverFish”) whose target list significantly overlaps the list of victims of SolarWinds exploitation. Some of SilverFish’s servers were also used by the EvilCorp crime group. Prodaft offers no attribution, beyond characterizing SilverFish as a “highly sophisticated group of cyber criminals targeting exclusively large corporations and public institutions worldwide, with focus on the EU and US.” 

The REvil ransomware gang has hit Taiwanese device manufacturer Acer with a $50 million extortion demand, the Record by Recorded Future reports. The extortion includes the now-routine threat to release stolen company documents. CRN reports that the attackers hit Acer through its Microsoft Exchange servers.