The CyberWire is pleased to announce that our new weekly news wrap-up, the Week that Was, is now out and available. View it here, in case you missed yesterday's email. We plan to publish the Week that Was every Sunday evening.

Malware used in December's Ukrenergo attack analyzed. CertLock Trojan blocks security software installation. MacSpy and MacRansom analyzed: malware-as-a-service targeting Macs. Ransomware found in bogus Android King of Glory game. Platinum APT exploits AMT vulnerability.
Researchers at Dragos and ESET are today releasing new reports on malware that hit Ukraine's power grid last December. They're calling the attack code "Crash Override" or "Industroyer," and they compare it to Stuxnet in terms of the severity of its threat to physical systems. Crash Override is modular and readily tailored to its targets. The Ukrenergo attack now looks like a dry run.
Access Now reports a new form of social media hijacking, "Doubleswitch," which renders its victims effectively unable to regain control of their accounts. Observed in Venezuela, Doubleswitch has been used against critics of the Chavista regime.
Various researchers are reporting a new Trojan, "CertLock," in the wild. Carried by a range of unwanted programs, the Trojan renders those programs more difficult to clean from Windows systems by blocking the certificates of security software.
Researchers at AlienVault and Fortinet have obtained and analyzed live samples of MacSpy and MacRansom, two varieties of malware-as-a-service that have been on offer in dark web souks at least since the last weeks of May. As the names suggest, they target Mac systems with, respectively, spyware and ransomware. As Mac marketshare rises, so does Mac malware's black marketshare.
Sophos reports a ransomware outbreak in Chinese Android systems—the malicious code hides in a bogus copy of the King of Glory game. (The ransomware copies WannaCry's user interface, but it's not WannaCry.)
Microsoft finds the Platinum APT exploiting flaws in Intel chip sets' Active Management Technology to execute malicious code in targeted machines.
Today's issue includes events affecting Bahrain, Belgium, China, Egypt, France, Germany, Gibraltar, Iran, Democratic People's Republic of Korea, Republic of Korea, Libya, Maldives, NATO/OTAN, Qatar, Russia, Saudi Arabia, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela, and Yemen.
A note to our readers: We'll be down in Northern Virginia tomorrow, covering Cybertech Fairfax. We also plan to stroll down Pratt Street and see what's up at AFCEA's Defensive Cyber Operations Symposium, meeting in Baltimore from tomorrow through Thursday.
In today's podcast, we hear from our partners at Webroot, as David Dufour describes the challenges of attribution: why we care who did it, but why it's so hard to find out. Our guest, Robert Rodriguez of SINET, describes the Innovation Summit, coming next week to New York City.