Microsoft has confirmed that APT31, the North Korean threat group Redmond tracks as "Thallium," has indeed been aggressively pursuing Windows users, and that Microsoft has seized fifty domains Thallium used in its espionage campaigns.
The Wall Street Journal on Monday published its investigation into the Cloud Hopper cyberespionage campaign that Reuters broke in December 2018. The US Justice Department at that time indicted two Chinese nationals (both of whom remain at large) and alleged that the duo had been working for the Chinese Ministry of State Security's APT10. It now appears, according to the Journal, that the espionage was far more widespread than originally reported, extending to more companies than the fourteen alluded to in the indictment.
The US General Services Administration has announced that its procurement schedules, to be refreshed on January 15th of this year, will include bans on doing business with companies whose offerings include “substantial or essential” components from specified Chinese companies, notably Huawei and ZTE. FedScoop points out that this will affect companies whose supply chains are too enmeshed with those of the proscribed companies.
India, for its part, will subject equipment proposed for 5G networks to security trials, a development the Economic Times reports has been welcomed by Huawei. The company, which had a good 2019 despite the security controversies it encountered, says it expects 2020 to be "difficult." But the company's CEO has a brave face: "If not for the bone-deep bite of winter, where would we get the heady scent of plums?"