FireEye researchers report ("with high confidence") that North Korean government cyber operators are showing new sophistication and ambition. Studies of the threat group variously known as Reaper, APT37, Group123 (the name used by Cisco's Talos unit), and ScarCruft (Kaspersky's name for it) suggest that it's aggressively targeting international corporations.
Most of Reaper's attacks are initiated, FireEye says, with sophisticated social engineering. CrowdStrike, which tracks the group as "Labyrinth Chollima," says the group has shown the ability to bridge air gaps by unspecified means.
Reaper is known for pursuing government, defense industry, and media targets, but it's recently added the chemical, electronic, aerospace, healthcare, automotive, and manufacturing verticals to its target list.
Kaspersky Lab says signs indicate that Sofacy, the threat group linked with Russian military intelligence (also known as APT28, Pawn Storm, Sednit, Strontium, and, our favorite, Fancy Bear), has begun to shift its focus eastward from NATO targets. It's now taking a closer interest in Ukrainian and Central Asian networks.
Researchers at Votiro warn that they've determined it's possible to embed Monero-mining script in Microsoft Word documents.
Fraudulent transfers executed over the SWIFT network have prompted a new category of spam. Comodo reports that criminals are distributing the Adwind Trojan as the payload of a malicious email attachment that presents itself as a SWIFT transfer notice.
The US Department of Homeland Security is increasing its cybersecurity aid to state election officials as they prepare for midterm voting. The assistance includes classified threat briefings. The Department of Justice has also organized an anti-election-hacking task force.