Kaspersky outlines the activities of a Chinese APT (tracked as "Luminous Moth") engaged in cyberespionage against Southeast Asian targets. Myanmar and the Philippines are receiving most of the group's attention.
Google's Threat Analysis Group yesterday blogged about four campaigns it's found in the wild that exploited zero-days. One extensive campaign, targeting mostly European government officials and believed to be the work of a Russian intelligence service, used LinkedIn spam to push malicious links. Three other campaigns, including some used against Armenian targets, appear to have been sold to various unnamed governments by a zero-day broker. While Google's estimation is that a single broker was behind the sales, CyberScoop sees Google's report as exposing a growing market for zero-days.
The REvil ransomware gang remains in the wind, gone from its customary haunts on the Web. TASS says Russian authorities know nothing about REvil's vanishing act. News outlets (including Spiegel and the Moscow Times) review the leading lines of speculation about the disappearance: some Russian enforcement action, an American takedown, or simply REvil's going on the lam. But little new light has been shed on the matter. Consensus holds, however, that relaxing vigilance against ransomware attacks would be unwise.
According to Sky News, the head of Britain's MI5 warns that private persons remain targets for recruitment or manipulation by hostile intelligence services.
INKY reports that the value Bitcoin has assumed in the marketplace has driven a rise in impersonation scams in which criminals mimic the appearance of the widely used Coinbase exchange.