Shamoon 3 seems to have affected a wider range of targets than at first believed. McAfee says the attacks affected victims in the oil, gas, telecommunications, energy and government sectors in the Middle East and southern Europe. Symantec reports more signs that this Shamoon infestation came from Iranian threat actors, including its association with attacks that used Stonedrill malware (SecurityWeek).
Shamoon 3, as well as Charming Kitten's reappearance with 2FA-defeating attacks (Threatpost), have led some observers to conclude that the long-expected Iranian cyber-retaliation for reimposed sanctions is underway (WIRED).
The Czech government's CERT has issued an unambiguous warning that Huawei and ZTE equipment represents a security threat. The NÚKIB report specifically cites Chinese laws requiring companies to cooperate with intelligence and security services.
The US Senate-commissioned reports on Russian influence operations point out extensive trolling via Instagram, much directed toward African-American voters. The NAACP has, in response to the news, called for a boycott of Facebook (Telegraph).
We've seen many sound cautions against placing too much importance on attribution of attacks to specific actors, but here's one way it matters: your cyber insurance policy might not cover an act of cyberwar. Mondelez International, hit hard by NotPetya, submitted a claim for more than $100 million, but Zurich Insurance is disputing the claim on the grounds that their policy excluded coverage for a "hostile or war like act" by any "government or sovereign power" (Reinsurance News). NotPetya has generally been attributed to Russia, convincingly enough for Zurich to hold its payout.