SecureWorks reports that Fancy Bear, the Russian GRU outfit famous for compromising the US Democratic Party's National Committee last spring, has been found in a British television network (unnamed for legal considerations). Fancy Bear established persistence in July 2015 and wasn't detected for a year, which is interesting given Fancy Bear's relative noisiness compared to its sibling Cozy Bear. German authorities are also seeing an increase in activity that looks like Fancy Bear's. Diplomatic sources in Russia's London embassy dismiss the allegations as Western nostalgia for the Cold War. ThreatConnect has devoted some attention to fleshing out indicators of compromise by Fancy Bear; their report is interesting (and a reminder of the distinction between evidence and intelligence).
Saudi worries about Shamoon persist. Intel Security has an overview of their current research into Shamoon 2's details, and Wapack Lab reports signs that the malware is turning up in the shipping industry as well.
The well-known banking Trojan Dridex is back, and Flashpoint says the malware now employs a new User Account Control (UAC) bypass method.
DoubleFlag, the criminal group that has been selling data stolen from large Chinese ISPs, claims to have data on 126 million U.S. Cellular customers. U.S. Cellular tells HackRead they've investigated, and DoubleFlag's wares are bogus: there's been no breach.
LeakedSource, grey market purveyors of access to stolen passwords, is down, possibly for good. Someone (handle "LTD") claiming to be in a position to know said yesterday on the OGFlip forum that LeakedSource had been raided by US authorities.