The Organisation for Security and Cooperation in Europe (OSCE) sustained a cyber espionage attack last month. OSCE disclosed the attack yesterday, but said it had insufficient evidence to attribute it to any particular actor. Le Monde is not so coy: their sources (in an unnamed "western intelligence service") tell them it's Fancy Bear. OSCE is an intergovernmental human rights and confidence-building organization that has been monitoring the fighting in eastern Ukraine.
Fancy Bear is widely believed to be Russia's GRU, and is generally thought responsible for supporting Russian hybrid warfare in Donbass and compromising networks of US political parties during the last election cycle. That latter activity may still prompt long-threatened US retaliation—Senators are talking about sanctions, and observers think covert US cyber operations against Russian targets a possibility.
Another large distributed denial-of-service attack was observed before Christmas. Imperva says its Incapsula network mitigated a 650 Gbps attack that had nothing to do with any Mirai botnet. Mirai exploits IoT devices, but IP spoofing has so far made it impossible to determine what devices were compromised into this new botnet, called "Leet." Unlike Mirai, Leet used relatively large SYN packets in its attack traffic.
Two threats affecting Android systems come to light. One, the "Switcher" Trojan, gets to TP-Link routers via Android devices on the routers' WiFi networks, then hijacks DNS settings. The second threat is to smart TVs—a Cyber.Police ransomware variant bricks LG TVs. LG seems to have been able to help affected customers unbrick their sets.