WikiLeaks has dropped more documents from Vault7. This week it’s the UMBRAGE Component Library (UCL), a collection of publicly available exploits scouted, WikiLeaks says, by Raytheon under a CIA contract between November 2014 and September 2015. The tools described in the UCL include Embassy Panda's keylogging RAT, the Samurai Panda version of the NfLog RAT, surveillance malware Regin, command-and-control arranger HammerToss, and the information-stealing Trojan Gamker.
These are for the most part thought to be state tools—the Pandas are believed to belong to China, and HammerToss is thought to be Russian—but WikiLeaks offers a sinister (if not fully convincing) spin: why would Langley be interested if not to repurpose UCL tools for its own attacks?
German elections are scheduled for September, and that country's authorities are determined to conduct them without interference, especially Russian interference. The Bundesamt für Verfassungsschutz warns that Russia is interested in elections, China in IP, and Iran in many things. The German government has established a command center and beefed up security capabilities to deal with an elevated level of threat.
Google has discovered and blocked a new strain of Android malware, "Lipizzan," a very highly targeted surveillance tool believed to have been produced by the Israeli firm Equus Technologies. The discovery came during an investigation into Chrysaor, spyware attributed to another Israeli lawful intercept shop, NSO Group. Lipizzan has been expelled from the Play Store and is remediated by Google Protect.
Ransomware is found to kill small businesses through disruption, not extortion payments.