More details concerning the US indictment of Chinese military personnel on charges of industrial cyber espionage emerge. The enterprises targeted (for the most part big ones) proved surprisingly vulnerable to social engineering: the principal route into their systems was phishing. The PLA hackers were also allegedly hired and tasked by Chinese government-owned companies, who thereby contracted out their own industrial espionage.
The Chinese government continues to express outrage, both in public denials of espionage and (paradoxically) tu quoque attacks on American policy: "you're hypocrites; you do it too."
The (very unequal) Russo-Ukrainian conflict gives rise to an interesting if implausible information operations campaign. Russia publishes stories (supported by photos) of US "mercenaries" conducting anti-Russian operations inside Ukraine. The US denies any such involvement, pointing out that the photos appear to be of police and National Guard working during Hurricane Katrina.
A warning has appeared in eBay sites advising users to change their passwords. It's still unclear, however, what to make of this, and how serious any breach might be (if there's actually been a breach at all).
The US Department of Homeland Security announces that an unnamed American public utility's control network has been hacked, but without disruption to its operations.
In industry news, Proofpoint buys automated incident response provider NetCitadel. Congratulations to Lunarline, Tenable, and Duo Security, all of whom receive awards.
The US Congress advances surveillance reform legislation, but privacy advocates remain dissatisfied. Congress also considers legislation designed to help the Department of Homeland Security hire cyber talent.