WannaCry remains both dangerous and sloppily executed, but its ransom take has risen to at least $70,000.
Recorded Future announced this morning their conclusion that APT3 (a.k.a. Gothic Panda, generally held responsible for Operations Clandestine Fox, Clandestine Wolf, and Double Tap) is acting on behalf of China's government. Tipsters (identity unknown, going by “intrusiontruth”) attributed APT3 to Guangzhou Boyu Information Technology Company (a.k.a. Boyusec) on May 9. Recorded Future is confident Boyusec is doing contract espionage, both traditional and economic, for China's Ministry of State Security.
The ShadowBrokers, whose EternalBlue leak enabled the WannaCry pandemic, continue their implausible charade of monetizing exploits allegedly stolen from NSA, while simultaneously saying they're really in it for the glory of facing off against a worthy opponent (viz. the Equation Group). They said yesterday they'd taken May off to watch WannaCry and "Your Fired" (sic), but that in June they'll launch a monthly leak subscription service. They claim to have operatives inside all the big corporations, and to have in their possession "'75% of U.S. cyber arsenal'." Their diction has grown more overtly comedic but coarser, and ever more remote from any known natural language. They're also clearly watching too much Colbert, and not to their profit.
Japan joins the list of countries considering its cyberwar options, including retaliation.
WikiLeaks has dumped another set of Vault7 documents. These purport to originate with the CIA; some describe methods of impeding PowerPoint. (Their wording suggests PowerPoint users have it coming: are there Tufte disciples at Langley?)