Moldovan Government Officials Hit by Cyberattack
Hackers appear to have compromised communications between several Moldovan government officials. Private conversations of the country’s Minister of Justice, the Defense and National Security Advisor to the President, and the former Minister of Internal Affairs have been leaked.
This is a complex story with not a lot of verification, but I wanted to highlight one important quote: “The Justice Ministry confirmed the leak but added that some messages were grossly modified or taken out of context.” This is a good one to highlight to CXOs and board members: doing company business over apps that have “zero revenue” models, or only get revenue through sponsored messages and in-app purchases is an enormous risk. The risk is not just eavesdropping, it is fake messages being sent out as coming from your company.
If you've seen the movie RED with Bruce Willis, you're thinking of the end-quotes pertaining to Moldova. In this case, it's their leadership which finds themselves in an uncomfortable position under "hot pursuit." Essentially their Telegram accounts were compromised. Beyond my usual pitch to implement MFA everywhere, I would also add understanding who and how information you're sending over a service can be accessed. If you have any doubts, implement your own encryption (such as S/MIME for email) rather than relying on service provided encryption, particularly if it's not truly end-to-end. When in doubt, use enterprise vetted services, on their issued devices.