Assessment and penetration-testing company Immunity is selling a BlueKeep exploit as part of its CANVAS penetration testing suite, ZDNet reports. BlueKeep is already being exploited in the wild: Intezer has found it in the latest version of the WatchBog cryptojacking botnet.
Researchers at Lookout announced the discovery of "Monokle," described as a "new and sophisticated set of custom Android surveillanceware tools." There may be an iOS version lurking somewhere, but for now the Android toolkit is in use in the wild. Lookout attributes Monokle to the Special Technology Centre, Ltd., also known as STC, Ltd. or simply STC. The company is based in St. Petersburg, Russia, and was sanctioned in 2016 by a US Executive Order for its work on behalf of the GRU against US elections. Monokle is advanced mobile malware designed to collect and exfiltrate personal data from infected devices.
Hacktivist group Intrusion Truth has linked APT17 to the Jinan bureau of the Chinese Ministry of State Security. They also say APT17 engages in some domestic crime on the side, selling data stolen from Chinese targets.
Proofpoint describes the activities of a Chinese Advanced Persistent Threat group it calls "Operation LagTime IT," and which it tracks internally as TA428. LagTime is a cyber espionage operation that collects against East Asian targets, for the most part government agencies that oversee "government information technology, domestic affairs, foreign affairs, economic development, and political processes." The campaign uses a Remote Access Trojan, CotxRAT, as well as Poison Ivy payloads. These it distributes by phishing.