The US, British, and Australian governments yesterday unambiguously attributed a large-scale campaign against vulnerable routers to Russian security services. US-CERT (in an advisory worth reading in its entirety) identified the affected systems: "Generic Routing Encapsulation (GRE) Enabled Devices, Cisco Smart Install (SMI) Enabled Devices, [and] Simple Network Management Protocol (SNMP) Enabled Network Devices." These are, US-CERT notes, widely used by both enterprises and private individuals. Exploitation requires no zero-days. The campaign has succeeded by taking advantage of insecure legacy installations, devices past end-of-life that no longer receive patches, and other poor practices.
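The three exposures the advisory names are all visible in a device's running configuration, so the practical first step for a network team is a configuration audit rather than a patch hunt. The following is an added example, not code from US-CERT or the governments involved: it scans a Cisco IOS-style running-config for Smart Install left enabled, SNMP v1/v2c communities that are well-known, read-write or unrestricted by an access-list, and GRE tunnels terminating at peers the operator did not expect. The sample config is constructed, the allow-list of tunnel peers is a hypothetical operator input, and the "well-known community" list is an illustrative set of strings attackers commonly try.

```python
"""Audit a Cisco IOS-style running-config for the exposures named in the advisory:
Smart Install enabled, weak/unrestricted SNMP v1/v2c communities, unexpected GRE peers.
Added example; the sample configuration below is constructed, not from a real device."""
import re

# Constructed sample running-config (hypothetical device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
snmp-server community public RO
snmp-server community s3cr3t-rw RW 10
!
interface Tunnel0
 ip address 10.99.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.77
 tunnel mode gre ip
!
interface Tunnel1
 ip address 10.99.1.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.9
!
access-list 10 permit 192.0.2.0 0.0.0.255
end
"""

# Illustrative set of community strings commonly tried by scanners (assumption, not exhaustive).
WEAK_COMMUNITIES = {"public", "private", "cisco", "admin"}


def parse_interfaces(config):
    """Return {interface name: [indented sub-lines]} for each interface stanza."""
    ifaces = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif line.startswith(" ") and current is not None:
            ifaces[current].append(line.strip())
        else:
            current = None  # '!' or a top-level command ends the stanza
    return ifaces


def audit_config(config, allowed_tunnel_peers=frozenset()):
    """Return a list of finding strings.

    allowed_tunnel_peers: hypothetical operator-supplied allow-list of expected GRE
    peer addresses; any other tunnel destination is flagged for review."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines()]

    # 1. Smart Install: on the affected IOS trains the client is on by default, and the
    #    running-config only records 'no vstack' once it has been explicitly disabled.
    if "no vstack" not in lines:
        findings.append("smart-install: 'no vstack' absent; client may be listening on TCP/4786")

    # 2. SNMP v1/v2c communities travel in plaintext; flag defaults, RW access and missing ACLs.
    for line in lines:
        m = re.match(r"snmp-server community (\S+)\s+(RO|RW)(?:\s+(\S+))?$", line, re.I)
        if not m:
            continue
        community, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        if community.lower() in WEAK_COMMUNITIES:
            findings.append(f"snmp: well-known community '{community}' ({mode})")
        if acl is None:
            findings.append(f"snmp: community '{community}' ({mode}) has no access-list")
        if mode == "RW":
            findings.append(f"snmp: community '{community}' is read-write (config change possible)")

    # 3. GRE: IOS Tunnel interfaces default to 'tunnel mode gre ip' when no mode is set.
    for name, body in parse_interfaces(config).items():
        if not name.startswith("Tunnel"):
            continue
        modes = [b for b in body if b.startswith("tunnel mode ")]
        if modes and "gre" not in modes[0]:
            continue  # IPsec/IPv6-in-IP etc. are out of scope here
        dest = next((b.split()[-1] for b in body if b.startswith("tunnel destination ")), None)
        if dest is None:
            findings.append(f"gre: {name} has no tunnel destination")
        elif dest not in allowed_tunnel_peers:
            findings.append(f"gre: {name} terminates at unexpected peer {dest}")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, allowed_tunnel_peers={"198.51.100.9"}):
        print(finding)
```

Run against the constructed config with 198.51.100.9 as the only expected peer, the audit reports Smart Install not disabled, the `public` community (well-known and unrestricted), the read-write community, and Tunnel0's unexpected GRE peer, while the expected Tunnel1 is silent. The audit is a triage aid only: a `no vstack` line does not prove the device is patched, and a tunnel to an unrecognised peer is a lead to investigate, not proof of compromise.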
The governments making the attribution do so at a time of markedly increased tension between Russia and Western countries. The Salisbury nerve agent attack and Russian support of Syria's Assad regime contribute to those tensions. Observers in the US and UK suggest that Russia is preparing for a cyber campaign against critical infrastructure. Russian moves against connected devices strongly suggest ongoing battlespace preparation, and the prospective targets warn that Russia can expect retaliation should widespread attacks materialize. (British authorities have been notably direct in their warning.)
New US sanctions against Russia haven't yet appeared. They were expected as early as yesterday, but remain under consideration.
Chinese equipment manufacturer ZTE has been subjected to US sanctions, joining Huawei in the penalty box. The UK has also issued security warnings about Huawei devices.
Lookout finds "highly targeted" Desert Scorpion surveillanceware in Google Play. It's associated with APT-C-23, and seems most interested in Palestinian targets. Google has removed it from Play.