CrowdStrike reports on recent activity by the actor it tracks as INDRIK SPIDER (Evil Corp). The group is using Hades ransomware, a variant evolved from WastedLocker.
Based on significant code overlap, CrowdStrike Intelligence has identified Hades ransomware as INDRIK SPIDER’s successor to WastedLocker. Hades ransomware — first publicly identified by security researchers in December 2020 — was named for a Tor hidden website that victims are instructed to visit; however, Hades is merely a 64-bit compiled variant of WastedLocker with additional code obfuscation and minor feature changes. The WastedLocker-derived Hades ransomware is unrelated to a similarly named ransomware family, Hades Locker, identified by security firms in 2016.
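PRODAFT has published a report on the activity of SilverFish, an attack group targeting the United States and Europe. The report points to links with the SolarWinds incident and with Evil Corp's activity.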
In this report, we were able to analyze various servers and samples allowing us to link the SilverFish group with the infamous SolarWinds attacks, which became public around December 2020. Moreover, the PTI Team has uncovered that the same servers were also used by EvilCorp which modified the TrickBot infrastructure for the purpose of a large scale cyber espionage campaign. EvilCorp is known to be responsible for the development and distribution of the Dridex and WastedLocker malware.
(Comment) The investigation is quite aggressive, going as far as accessing the attackers' C2 servers and analyzing the data on them.
Facebook reports on attack activity by a Chinese actor (Earth Empusa / Evil Eye) and on its response.
Today, we’re sharing actions we took against a group of hackers in China known in the security industry as Earth Empusa or Evil Eye — to disrupt their ability to use their infrastructure to abuse our platform, distribute malware and hack people’s accounts across the internet. They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries. This group used various cyber espionage tactics to identify its targets and infect their devices with malware to enable surveillance.