Twitter has suspended two accounts that North Korean operators established for the apparent purpose of catphishing security researchers. The Record reports that the two accounts are part of an espionage campaign that began last year. A member of Google's Threat Analysis Group says the two accounts are part of a cluster, some of whose members were taken down in August.
The Sinclair Broadcast Group, which operates one-hundred-eighty-five television stations with six-hundred-twenty channels in eighty-six US media markets, has disclosed that it determined yesterday that it had been subjected to a ransomware attack. The media company detected what it regarded as "a potential security incident" on Saturday, and is now in the process of recovery. The Hollywood Reporter says that some service disruptions continue today. NY1 reports that the attack involved, as is now routine in such criminal operations, a data breach of thus far unknown scope.
The REvil ransomware gang appears to have again withdrawn from active operations, this time, BleepingComputer reports, because unknown parties hijacked the Tor sites the gang used for receiving payments and leaking stolen data. REvil appears to have detected the hijacking yesterday, and observers think that this time the gang may be down for the count, although of course it's possible members will resurface in other criminal or privateering organizations.
According to the Wall Street Journal, some security firms see a middle ground in incident response between supine victimhood and aggressive (and probably illegal) hacking back. It involves both information-gathering and direct, legally menacing confrontation.