Intezer is describing the operations of "HiddenWasp," a campaign installing a backdoor on Linux systems. HiddenWasp borrows freely: components of Mirai, the ChinaZ Elknot implant, the Azazel rootkit, and the Linux version of Winnti have all been seen in its code. Most Linux-focused malware has tended to concentrate on coinmining or distributed denial-of-service, and it has also tended to be heavy-footed and noisy. HiddenWasp, in contrast, is not only relatively stealthy, but also has as its aim the attacker's control of infected devices, and observers see this as a new and disturbing development.
Forescout tells Nextgov that some four thousand Huawei and ZTE devices remain on US Federal networks: "You can't just rip them out." TechCrunch reports that Huawei is, on an interim basis at least, trying to limit the damage of US measures by limiting contact between its US and Chinese workers.
In an undated risk-assessment memorandum that appears, on internal evidence, to have been prepared between August 2016 and September 2017, Baltimore's IT office warned that servers running unsupported versions of Windows posed a clear risk. The memo, according to the Baltimore Sun, specifically called out the likelihood of ransomware attacks. Nextgov reports that NSA's Rob Joyce said yesterday that, while everyone feels for Baltimore, the city did after all have two years to patch.
ISIS, now in its diaspora phase, was, the Long War Journal reports, quick to go online to claim responsibility for a suicide bombing at Afghanistan's Marshal Fahim National Defense University in Kabul.