BadRabbit seems, for now, quiet as a bunny, but it wouldn't do at all to expect that to continue. Cisco researchers found a variant of the (alleged) NSA Equation Group EternalRomance tool in BadRabbit's code, and consensus among security researchers in other companies is that BadRabbit is the work of the threat actors behind NotPetya. That would be the TeleBots APT, also known as Sandworm, which has in the past been associated with Russian security services, especially in operations directed against Ukraine. The damage done in BadRabbit's brief period of activity doesn't remotely approach that achieved by NotPetya, but, of course, BadRabbit could well return.
A majority of the targets BadRabbit hit were Russian (around 65%), but observers note that the high-value targets it clobbered were Ukrainian. Much reporting continues to treat BadRabbit as conventional criminal ransomware, but it's too early to tell, and TeleBots' alleged involvement may point in a different direction.
The Reaper IoT botnet (also known as IoTroop) is still assembled and poised, but has yet to unleash the expected distributed denial-of-service attack. Researchers at NewSky Security, however, have observed disturbing signs in the cybercriminal underground that hackers are sharing malicious code suitable for integration with the botnet.
IOActive reports vulnerabilities in Inmarsat’s widely used maritime SATCOM systems.
Anonymous has surfaced, attacking Spanish government sites in apparent solidarity with the Catalan independence movement.
Twitter's newfound fastidiousness about accepting Russian ads has drawn protest from the Russian government, which feels this is unfair to Sputnik and RT.