Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsu$ Group. Notes on the cyber underworld.

Wiper malware hits Russian targets. Microsoft sees an intensification of Russian cyber operations against Ukraine. State policy, privateering, or an APT side-hustle? The US Cyber Safety Review Board will investigate the Lapsu$ Group. Rackspace works to remediate a security incident. The Schoolyard Bully Trojan harvests credentials. Grayson Milbourne of OpenText Security Solutions on attacks on common open source dev libraries. Rick Howard looks at CISO career paths. And trends in ransomware: cybercrime succeeds when the gang runs like a business.

For links to all of today’s stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/11/231

Selected reading.

CryWiper: fake ransomware (Kaspersky).

CryWiper data wiper targets Russian courts and mayors’ offices (Computing)

Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices (Ars Technica)

Russian regions attacked by new wiper posing as ransomware (Cybernews)

Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft On the Issues)

Russia coordinating Ukraine hacks with missiles, could increasingly target European allies, Microsoft warns (POLITICO)

Russia Is Boosting Its Cyber Attacks on Ukraine, Allies, Microsoft Says (Bloomberg.com) 

Hackers linked to Chinese government stole millions in Covid benefits (NBC News)

Cyber Safety Review Board to Conduct Second Review on Lapsus$ (US Department of Homeland Security)

Rackspace: Ongoing Exchange outage caused by security incident (BleepingComputer) 

Schoolyard Bully Trojan Facebook Credential Stealer (Zimperium)

The Professionalization of Ransomware: How Gangs Are Becoming Like Businesses (LookingGlass Cyber Solutions Inc.)