Symantec announces discovery of "DragonFly," a sophisticated cyber campaign directed principally against energy sector targets in North America and Western Europe. Also known as "Energetic Bear," DragonFly employs both espionage and sabotage components, although no large-scale sabotage has yet been reported. The campaign has successfully implanted Havex and Karagany Trojans, although investigators decline to say precisely which firms were compromised.
Attribution remains under investigation, but F-Secure analysts are pinning this one on the Russian intelligence organs: appropriate timestamps, Cyrillic text, and names all point to Russia; sophistication points to a state sponsor. DragonFly appears to have begun operations in 2011; its original targets were US and Canadian defense and aerospace firms.
F-Secure has found another campaign, "BlackEnergy," active in Belgium and devoted at least initially to espionage. It emanates from Ukraine or Russia, and researchers speculate plausibly that it represents Russian battlespace isolation preparation in the ongoing conflict with Ukraine. F-Secure thinks diplomats involved with Eastern European tensions should be especially on their guard.
NATO clarifies its Article 5 with respect to cyber attacks: a cyber attack on one will be considered a cyber attack on all. (This doesn't mean airstrikes in response to denial-of-service attacks: responses would be proportionate.)
Cisco finds a spearphishing operation, "String of 'Paerls'," targeting high-worth enterprises with Visual Basic Scripting for Applications exploits.
Much discussion of research ethics in the wake of the Facebook emotional contagion study.
Microsoft hits botnets by taking down No-IP domains, but does a lot of collateral damage in the process.