Romanian Defense Minister Mihai Fifor says the NATO member is under more-or-less continuous Russian cyberattack. In the UK, GCHQ's National Cyber Security Centre director Ciaran Martin offered a similar warning to Parliament yesterday, noting "a consistent rise in the appetite for attack from Russia on critical sectors."
Palo Alto Networks reports that the Chinese cyberespionage group "Tick," also known as "Bronze Butler," has been working to infect secure USB drives produced in South Korea with SymonLoader malware. The discovery has been reported as an attack on air-gapped systems, which in a sense it is, but not by any particularly exotic new method. A malicious payload on a USB drive is an old technique. The malware affects only systems running Microsoft Windows XP or Windows Server 2003, and Palo Alto doesn't believe the malware is part of any active campaign. The discovery, while apparently not of any urgent concern, does serve as a useful warning of supply chain risk.
David Sanger's new book, The Perfect Weapon, reports that Mandiant, now a unit of FireEye, hacked back into APT1's computers, gained access to the cameras on the attackers' laptops, and so observed them hacking in real time. FireEye says the account is based on a misunderstanding. Mandiant never hacked back at anyone, and everything it learned about APT1 (a watershed private-sector investigation of Chinese espionage) was obtained by "consensual security monitoring on behalf of victim companies."
Lawfare has an interesting round-up of private-sector contributions to emerging international norms of behavior in cyberspace.