Twitter hack update. DPRK and PRC tools and APTs. Monero mining. The cyber threat to British sport.

Twitter has updated its account of last week’s account hijacking incident: “We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.” Tripwire thinks the Dutch elected official was Geert Wilders, who confirmed to Yahoo that he was indeed the one affected. He’s now regained control of his account.

KrebsOnSecurity believes at least two of the New York Times’ sources in last week’s story on those responsible for the Twitter hack weren’t hemi-semi-demi innocent collectors of original gangster usernames, but were themselves active resellers in the underground OG black market.

Kaspersky outlines some of North Korea’s evolving cyberattack tools, specifically a multi-platform malware framework the researchers call “MATA.” It includes such components as loaders, orchestrators, and various plug-ins, and it’s capable of hitting Windows, Linux and macOS operating systems. The victims have been software and IT companies located in Poland, Germany, Turkey, South Korea, Japan and India.

Malwarebytes researchers present evidence that a Chinese APT is indeed responsible for deploying MgBot malware against targets in India and Hong Kong.

Cisco Talos describes the low-key, unobtrusive workings of the Prometei botnet, quietly mining Monero.

The UK’s National Cyber Security Centre offers an assessment of the cyber threat to sports. Attacks have interfered with a Premier League transfer, delivered ransomware, and in one case disabled stadium turnstiles and security cameras.