More reactions to Kaspersky's description of "threat actor" Equation Group appear. Journalistic speculation (especially but far from exclusively in Russian media, which display some triumphalism about Kaspersky's Russian roots, and quote SVR's and FSB's placid assurances of immunity to cyberespionage) equates Equation Group to NSA, although Kaspersky Lab itself declines to offer any attribution. Symantec offers its opinion that Equation Group is clearly a state actor. Consensus holds that the actor is very sophisticated and well resourced.
Targets are said to have been found in thirty countries, with a handful of middle-eastern nations apparently on an exempt list. Infection vectors include Web-based exploits, a worm ("Fanny"), compromised physical media (including CD-ROMs and USB dongles), and compromised hard drive firmware.
Kaspersky discerns signs of Equation Group activity as far back as 2001, possibly as long ago as 1996. Its target set suggests traditional espionage as opposed to economically motivated spying.
Some accounts suggest the group had tools capable of overcoming air gaps. War on the Rocks publishes a piece on the "third offset" — convergence of cyber operations with more traditional electronic attack.
Kaspersky's Cancun séances also describe another threat actor: "Desert Falcon." Reported to be an Arab group — perhaps a mercenary one — it displays a growing MENA-based cyber attack capability.
As the US State Department tries anti-ISIS messaging, Yahoo News looks at the aspiring caliphate's information operations.
Researchers believe they've found a smoking typo tying the Sony hack to North Korea.
Banks continue Carbanak recovery. The Vawtrak Trojan acquires malicious macros.