New espionage malware surfaces in Europe, Asia, and the Americas: "MiniDuke" appears designed to steal state secrets. It uses a baited PDF (a plausible English-language study of Ukrainian NATO integration plans) to exploit the recently patched Acrobat sandbox bypass vulnerability. It also employs steganography, that bugaboo from the early 2000s. Kaspersky calls MiniDuke "old school" and notes its "weird backdoor functionality." Some victims quietly blame Chinese intelligence services, but researchers at the Austrian Institute for International Affairs suggest an alternative attribution, noting MiniDuke's similarity to the TinBa Trojan produced by Russian hackers for bank fraud.
China reacts defensively about the ongoing cyber cold war, claiming its own email systems are under continuous US attack. Mandiant has said it expected retaliation for its attribution of the New York Times attack to the PLA, but evidence hints retaliation may take the form of patriotic cyber rioting against US targets as opposed to a state-directed campaign. Meanwhile, AlienVault says there are more dangerous cyberwar units in the PLA than APT1, which the Register calls "more prolific than leet." (Still, leet enough to pwn the Times.)
Bank of America acknowledges that Anonymous got some of its data, but says the hacktivists did so by attacking a third-party vendor. Variety notes that hacktivism (in the form of labor unrest among special effects workers) is a rising threat to Hollywood.
The US Intelligence Community expects capability-reducing budget cuts. US Cyber Command faces a labor shortage. MIT and edX think online courses can close corporate skill gaps.