WikiLeaks continued to disgorge the contents of its Vault7 with another document dump late Friday. This latest tranche continues WikiLeaks' recent concentration on alleged CIA tools, in this case an implant, "Athena," said to be capable of infecting Windows systems from XP to Windows 10. (WikiLeaks' Assange may be out from under the shadow of Swedish criminal law, but the Americans continue to be interested in him.)
The New York Times reports on a Chinese roll-up of CIA sources in China between 2010 and 2012. Investigators are said to be divided on how information about the agents apparently leaked: was the information obtained from a mole or by hacking?
"XData," a new strain of ransomware, hit Ukraine hard over the weekend, with signs of preliminary infections spreading to Estonian and German targets.
WannaCry infestations slowed late last week, but there are signs of an attempted revival as botnets assail the domain that sinkholed the ransomware. Looking back at the incident, Russian banks, Britain's National Health Service, and many, many Chinese users of unauthorized and unpatched Windows software seem to have been the most prominent victims. Preliminary circumstantial attribution continues to focus on North Korea. (Pyongyang dismisses the accusations as "ridiculous.")
Cyphort and other security researchers report that EternalBlue, the exploit that enabled WannaCry, is being used to distribute a remote-access Trojan. The RAT appears to be establishing persistence in networks whence it could stage future operations. Unlike WannaCry, it's not ransomware and it's not a worm; it looks like espionage.