GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.

China deploys tools used against Uyghurs in broader espionage. The Five Eyes call out a GRU cyberespionage campaign. Russian hacktivist auxiliaries hit Czech banks and the platform formerly known as Twitter. A Spring-Kafka zero-day is discovered. Deepen Desai from Zscaler explains RedEnergy Stealer-as-a-Ransomware attacks.  Luke Nelson of UHY Consulting on ransomware’s impact on schools. And, hey, go Wolverines: the University of Michigan overcomes a cyberattack that delayed the academic year.

Selected reading.

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps (We Live Security) 

Earth Estries Targets Government, Tech for Cyberespionage (Trend Micro) 

Infamous Chisel Malware Analysis Report (Cybersecurity and Infrastructure Security Agency CISA)

UK and allies support Ukraine calling out Russia's GRU for new malware campaign (NCSC) 

Hackers Attack Czech Banks, Demanding End of Support For Ukraine (Brno Daily) 

More Russian attacks on Czech banks: Hackers call for end of support to Ukraine (Expats.cz)

Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink (BBC News) 

Contrast Assess uncovers Spring-Kafka deserialization zero day (Contrast Security)

U. Michigan restores campus internet after cyberattack disrupts first week of classes (EdScoop)

Internet restored on University of Michigan campus, ongoing issues still expected (mlive)

University of Michigan isn't disclosing details of internet outage cyberattack (Detroit Free Press)

Expert weighs in on school cyberattacks as University of Michigan makes progress on internet outages (CBS News)