North Korean destructive malware with features not seen since the 2014 Sony Pictures hack is believed to have returned, according to documents obtained by Foreign Policy.
Germany cautiously attributes a campaign against the Federal Republic's government and political networks to Russian state actors. Bundesamt für Verfassungsschutz chief Hans-Georg Maassen says they can't be sure it was Fancy Bear (Russia's GRU) and that the unlikely possibility of a false flag operation can't entirely be ruled out, but that they regard their attribution of the attacks to Russia as having "high confidence."
A Secure World Foundation report concludes that cyber attacks against satellites are likelier than kinetic destruction. The report discerns signs of growing Chinese and Russian interest in this mode of attack. Interestingly, it conceives of the risk as largely a supply-chain problem, with Russian or Chinese suppliers of code and subcomponents building exploitable vulnerabilities into the satellites whose manufacture and operation rely on a globalized network of suppliers.
Cyberbit reports finding what it calls a new "early bird" code injection technique in which malicious code runs prior to a process's main thread. This enables attacks to bypass many antivirus protections. The technique appears in the Iranian threat group APT33's TurnedUp backdoor, in Carberp banking malware, and in DorkBot.
Britain's GCHQ says it conducted offensive cyber action against ISIS, successfully disrupting the terrorist group's operations and propaganda.
Facebook CEO Zuckerberg testified before the US House yesterday, deflecting suggestions that Facebook collect less information: "it's complicated," as so many relationship statuses are.