A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/182

Selected reading.

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit (SentinelOne)

GOLD MELODY: Profile of an Initial Access Broker (Secureworks)

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes (We Live Security)

Cyber Soft Power | China's Continental Takeover (SentinelOne)

MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News)

MGM Restores Casino Operations 10 Days After Cyberattack (Dark Reading)

MGM Resorts computers back up after being down 10 days due to casino cyberattacks (CBS News)

MGM says its recovered from cyberattack, employees tell different story (Cybernews)

'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars (Reuters)

Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer)

Russia linked to cyberattack on government services (Royal Gazette)