Two more companies—Fidelis and FireEye’s Mandiant unit—have weighed in on the DNC hack. Both find themselves essentially in agreement with CrowdStrike’s conclusion that evidence in the code points to the Russian APTs fingered in initial reports. Guccifer 2.0’s identity remains up in the air, although someone claiming to be the lone hacker has just been talking to Motherboard. He says he’s anti-Russian, pro-freedom, and wants a world without the Illuminati. Judge for yourselves.
FireEye says China has pulled back from cyber espionage directed against the United States. Other countries? Not necessarily so much, and Dark Reading sensibly notes what we’re hearing elsewhere—that intellectual property theft remains in that government’s plans.
Ransomware continues its evolution. Ded Cryptor, an EDA2 strain, is out, courtesy (apparently) of the Russian cyber mob. Sophos reports finding RAA, JavaScript ransomware that doesn’t depend upon enabled macros for transmission.
xDedic, the souk that sold server time on compromised RDP servers, may, says Kaspersky, be larger than initially believed.
Apple has closed a vulnerability in AirPort wireless routers.
In industry news, the US GSA is creating a special item number (SIN) for cyber security products and services in its IT Schedule. Contractors wonder if GSA will be able to keep pace with technological evolution within the scope of the new cyber security SIN.
The US Secret Service hopes for a quick response to its solicitation of “cyber triage tools.”
Wassenaar is back. Meetings resumed this week in Vienna on a new cyber arms export control regime.
A note to our readers: tomorrow the CyberWire will be in Laurel, Maryland, covering Cyber 7.0. Watch for our usual live-tweeting and special report on the proceedings.