North Korea seems to be escalating a global "data reconnaissance campaign." McAfee researchers are tracking Operation GhostSecret, which they say is particularly interested in "critical infrastructure, entertainment, finance, health care, and telecommunications." They attribute the operation to Pyongyang's Hidden Cobra group.
In other North Korean news, Recorded Future reports that the DPRK elite is going to ground, virtually speaking, exiting Western social media and online services in favor of Chinese alternatives where they'll presumably be less accessible to hostile surveillance. It's not clear that Alibaba, Tencent, and Baidu are really that much more obscure than, say, Amazon or Facebook, but Pyongyang's bigshots are taking their trade elsewhere. They're also using more obfuscation services.
Fortinet is tracking a Python-based Monero miner. They're calling it "PyRoMine," and they say it uses the Equation Group tool EternalRomance, leaked by the Shadow Brokers, to disable security systems en route to cryptojacking. Disabling security systems could also enable PyRoMine's operators to stage further attacks.
Russian disinformation concerning Assad's nerve agent attacks against a civilian population is using year-and-a-half-old footage from a movie shot in Syria to "prove" that the attack is a Western hoax.
A complex hijacking of cloud service IP addresses in Chicago raises concerns not only about the immediate crime (theft of about $150 thousand in cryptocurrency by spoofing MyEtherWallet) but also about a more serious intrusion by Russian actors who may be staging an attack on commodity trading platforms or other financial infrastructure.
Huawei has joined ZTE in US crosshairs over sanctions violations.
Apple patches macOS, iOS, and Safari.