Group-IB reported this morning that the BlackMatter ransomware-as-a-service gang (apparently itself a rebranding of the DarkSide) has announced that it's shuttering its criminal business. The gang cited "certain unsolvable circumstances associated with pressure from the authorities" as the reason for its decision to close. Rump services will continue for a time in order to give its affiliates information and decryptors, but the final word to the affiliates is a farewell wish for further success.
BlackMatter's affiliates will probably simply move elsewhere in the C2C market, and the gang itself may or may not resurface in some form. Other criminal gangs are proving similarly protean. Flashpoint reports that the Groove gang now says its call for attacks against the US was a goof designed to embarrass Western media.
The US Department of Commerce has sanctioned four companies for providing foreign governments spyware. NSO Group and Candiru (both from Israel) have been added to the Entity List, as have Positive Technologies (of Russia), and the Computer Security Initiative Consultancy PTE (from Singapore).
CISA has issued Binding Operational Directive 22-01, which requires US Federal agencies to address known, exploited vulnerabilities.
Language introduced into the US House version of the Defense Authorization Act would add four new eyes to the familiar Five Eyes intelligence-sharing group, Defense One reports. Germany, Japan, India, and South Korea would join the five anglophone powers in the current pact. It's not yet expansion, but a tentative move in that direction.
CISA has issued two more industrial control system advisories.