Proofpoint researchers describe two hitherto undocumented strains of malware, ServHelper (a backdoor) and FlawedGrace (a remote access Trojan), now being used in the wild by TA505.
WIRED has an account of how ISIS is turning from social networks to chat apps.
Reddit, which locked down a large number of accounts over security suspicions aroused by unusual activity in those accounts, is systematically restoring users' access.
The "shelf life, three weeks" tweets said to have aroused such suspicion at NSA in 2016 were apparently turned over to NSA by Kaspersky, say anonymous sources not authorized to discuss what they know. The tweet was addressed to "Yevgeni," presumably Eugene Kaspersky himself, by @HAL999999999, as Ars Technica reports. Thus it was Kaspersky, the Washington Post notes, and not US counterintelligence officers, who first twigged to the possibility that someone may have been getting ready to leak classified information, and that warning is being connected to Hal Martin's arrest.
Two points are worth making. First, Mr. Martin, who's entitled to the presumption of innocence, is charged with mishandling and unlawful retention of classified material, not with passing it to anyone. So the ShadowBrokers' leaks that soon followed the tweets may be coincidental (if one believes in such things). Second, as interesting as we find reading and writing about this developing story, the fact that anonymous sources not authorized to speak are speaking as much as they are suggests that US Federal insider threat programs remain more loosey-goosey than the Intelligence Community would probably hope.