Ruslan Stoyanov, the Kaspersky researcher and former FSB officer whom Russian authorities have charged with treason, has condemned the Russian state practice of coopting and using cybercriminals. In a statement he dictated to his lawyers, who released it to independent television station Dozhd, Stoyanov says "patriot-thieves" are given immunity from prosecution to attack foreign targets, and this practice is unsustainable: the protected hoods will eventually unleash a wave of crime against Russia itself. (Observers have long commented on close ties between Russian security services and organized crime.)
The biter may have already been bitten with one of the Word zero-days patched this week. According to FireEye, CVE-2017-0199 appears to have been exploited to deliver FinSpy (a controversial lawful intercept product developed by the Gamma Group) to Russian-speaking targets. The vector was a weaponized document, a military manual from the Ukrainian pro-Moscow separatist group "Donetsk People's Republic." The same vulnerability has also been used to spread the more obviously criminal Latentbot and Terdot payloads.
Palo Alto Networks researchers warn that an aggressive strain of Ewind adware is afflicting Android users. As much Trojan as conventional adware, Ewind clones popular apps, adds malicious code to the clones, and inserts them into third-party stores. Some of the noteworthy apps so cloned include Grand Theft Auto Vice City, AVG Cleaner, Minecraft (Pocket Edition), Avast! Ransomware Removal, VKontakte, and Opera Mobile.
Russo-US relations continue to be chilly, with information operations unabated. German authorities advocate widespread control over media to combat fake news; they hope all Europe will follow.