{"id":37811,"date":"2020-10-23T12:30:03","date_gmt":"2020-10-23T12:30:03","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=544574"},"modified":"2020-10-23T12:30:03","modified_gmt":"2020-10-23T12:30:03","slug":"this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/","title":{"rendered":"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree"},"content":{"rendered":"<p><img decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-300x300.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt=\"week in security\" loading=\"lazy\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-300x300.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-768x768.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-1024x1024.jpg 1024w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-640x640.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-900x900.jpg 900w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-440x440.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-380x380.jpg 380w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"> <\/p>\n<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a watering hole campaign Trend Micro dubbed \u2018Operation Earth Kitsune\u2019 that is spying on users\u2019 systems through compromised websites. Also, read about how APT groups are threatening DDoS attacks against victims if they don\u2019t send them bitcoin.<\/p>\n<p>Read on:<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/ddos-extortion-hacking-fancy-bear-lazarus-group\/\"><strong>Fancy Bear Imposters Are on a Hacking Extortion Spree<\/strong><\/a><\/p>\n<p><em>Radware recently published extortion notes that were sent to a variety of companies globally. The senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The notes threaten that if the target doesn\u2019t send bitcoin, powerful distributed denial of service (DDoS) attacks will be launched against the victim. Robert McArdle, Trend Micro\u2019s director of our Forward-Looking Threat Research (FTR) team, comments on DDoS as an extortion method.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/internet-of-things\/a-ride-on-taiwan-s-self-driving-bus\"><strong>A Ride on Taiwan\u2019s Self-Driving Bus<\/strong><\/a><\/p>\n<p><em>The self-driving bus is now being tested on the streets of downtown Taipei and more autonomous buses are being deployed in other places, including Germany, Japan and Canada. Since connected cars are still a relatively new technology, the dangers of these vehicles are unknown and mostly speculated. In this article, Trend Micro discusses potential security implications of these connected vehicles. <\/em><\/p>\n<p><em>&nbsp;<\/em><a href=\"https:\/\/www.nytimes.com\/2020\/10\/19\/us\/politics\/russian-intelligence-cyberattacks.html?campaign_id=60&amp;amp;emc=edit_na_20201019&amp;amp;instance_id=0&amp;amp;nl=breaking-news&amp;amp;ref=headline&amp;amp;regi_id=79645748&amp;amp;segment_id=41517&amp;amp;user_id=5853451aea00531d3e02cffa95e0a9ee\"><strong>U.S. Charges Russian Intelligence Officers in Major Cyberattacks<\/strong><\/a><\/p>\n<p><em>This week, the Justice Department unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign that caused mass disruption and cost billions of dollars by attacking targets like a French presidential election, the electricity grid in Ukraine and the opening ceremony of the 2018 Winter Olympics.<\/em><\/p>\n<p><em>&nbsp;<\/em><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/operation-earth-kitsune-tracking-slub-s-current-operations\"><strong>Operation Earth Kitsune: Tracking SLUB\u2019s Current Operations<\/strong><\/a><\/p>\n<p><em>A watering hole campaign that Trend Micro has dubbed as Operation Earth Kitsune is spying on users\u2019 systems through compromised websites. Using SLUB and two new malware variants, the attacks exploit vulnerabilities including those of Google Chrome and Internet Explorer.<\/em><\/p>\n<p><strong><a href=\"https:\/\/www.nbcnews.com\/politics\/2020-election\/cybersecurity-firm-finds-hacker-selling-info-148-million-u-s-n1244211\">Cybersecurity Company Finds Hacker Selling Info on 186 Million U.S. Voters<\/a><\/strong><\/p>\n<p><em>Trustwave says it found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million. The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/j\/future-imperfect.html\"><strong>Future Imperfect<\/strong><\/a><\/p>\n<p><em>In 2012, Trend Micro, the International Cyber Security Protection Alliance (ICSPA) and Europol\u2019s European Cyber Crime Centre (EC3) collaborated on a white paper that imagined the technological advances of the coming 8 years, the societal and behavioral changes they may bring and the opportunities for malfeasance they could present.<\/em> <em>As we enter the 2020s, we now have the opportunity to objectively review the project against a number of success factors.<\/em><\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/wordpress-deploys-forced-security-update-for-dangerous-bug-in-popular-plugin\/#ftag=RSSbaffb68\"><strong>WordPress Deploys Forced Security Update for Dangerous Bug in Popular Plugin<\/strong><\/a><\/p>\n<p><em>WordPress sites running Loginizer, one of today\u2019s most popular WordPress plugins with an install base of over one million sites, were forcibly updated this week to Loginizer version 1.6.4. This version contained a security fix for a dangerous SQL injection bug that could have allowed hackers to take over WordPress sites running older versions of the Loginizer plugin.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/j\/just-leave-that-docker-api-on-the-front-porch-no-one-will-steal-it.html\"><strong>Just Leave That Docker API on the Front Porch, No One Will Steal It<\/strong><\/a><\/p>\n<p><em>Recently, a new type of Linux malware named \u201cDOKI\u201d has been discovered exploiting publicly accessible Docker API\u2019s hosted in all major cloud providers. The manner in which threat actors are gaining access to container environments is a previously discovered technique, but the DOKI malware is something that has not been documented until now.<\/em><\/p>\n<p><a href=\"https:\/\/threatpost.com\/adobe-critical-code-execution-bugs\/160369\/\"><strong>Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio<\/strong><\/a><\/p>\n<p><em>Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Two of the issues are out-of-bounds read flaws, (CVE-2020-24409, CVE-2020-24410); one is an out-of-bounds write bug (CVE-2020-24411). Tran Van Khang, working with Trend Micro Zero Day Initiative, is credited for the discoveries.<\/em><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3587108\/us-treasury-department-ban-on-ransomware-payments-puts-victims-in-tough-position.html#tk.rss_all\"><strong>US Treasury Department Ban on Ransomware Payments Puts Victims in Tough Position<\/strong><\/a><\/p>\n<p><em>This month, the US Treasury Department\u2019s Office of Foreign Assets Control (OFAC) warned organizations making ransomware payments that they risk violating economic sanctions imposed by the government against cybercriminal groups or state-sponsored hackers. The advisory has the potential to disrupt the ransomware monetization model, but also puts victims, their insurers and incident response providers in a tough situation.<\/em><\/p>\n<p>What are your thoughts on the sanctions imposed by the government against cybercriminal groups or state-sponsored hackers?&nbsp; Share your thoughts in the comments below or follow me on Twitter to continue the conversation: <a href=\"https:\/\/twitter.com\/jonlclay\">@JonLClay.<\/a><!-- AddThis Advanced Settings above via filter on the_content --><!-- AddThis Advanced Settings below via filter on the_content --><!-- AddThis Button BEGIN --><\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a watering hole campaign Trend Micro dubbed \u2018Operation Earth Kitsune\u2019 that is spying on users\u2019 systems through compromised websites. Also, read about how APT groups&#8230;<br \/>\nThe post This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree appeared first on . Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":37812,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[311,399],"class_list":["post-37811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-current-news","tag-industry-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-23T12:30:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree\",\"datePublished\":\"2020-10-23T12:30:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/\"},\"wordCount\":814,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg\",\"keywords\":[\"Current News\",\"Industry News\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/\",\"name\":\"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg\",\"datePublished\":\"2020-10-23T12:30:03+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg\",\"width\":300,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Current News\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/current-news\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/","og_locale":"en_US","og_type":"article","og_title":"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-10-23T12:30:03+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree","datePublished":"2020-10-23T12:30:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/"},"wordCount":814,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg","keywords":["Current News","Industry News"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/","url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/","name":"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg","datePublished":"2020-10-23T12:30:03+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree.jpg","width":300,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-watering-hole-campaign-operation-earth-kitsune-spying-on-users-systems-and-fancy-bear-imposters-are-on-a-hacking-extortion-spree\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Current News","item":"https:\/\/www.threatshub.org\/blog\/tag\/current-news\/"},{"@type":"ListItem","position":3,"name":"This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users\u2019 Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37811"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37811\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/37812"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}