A ransomware attack has hit Ukraine's Energy Ministry. The ransom screens are written in English that reads as if it was produced by a non-native speaker. Preliminary indications are that it's a criminal attack, and unlikely to be the work of a nation-state.
Kaspersky says that it's uncovered infrastructure used by the Crouching Yeti threat group, also known as Energetic Bear, for attacks against industrial concerns.
A surge in anonymous Twitter accounts in Southeast and East Asia has prompted speculation about the formation of bots to influence public opinion through the social media platform. Twitter doesn't believe it's yet seen anything out of order.
Symantec and others are tracking Orangeworm, a cyberespionage campaign that's hitting healthcare organizations. X-ray and MRI devices are most often affected. Many researchers doubt that the group behind the campaign is a nation-state, but the attackers' goals are obscure. They seem to be after either personal information about patients, or intellectual property about the medical devices themselves.
Google's Project Zero has disclosed a vulnerability in Windows 10: it's possible to bypass Windows Lockdown Policy in a way that can result in arbitrary code execution. Microsoft missed Google's 90-day deadline for addressing reported vulnerabilities, so Google has gone public with the unpatched issue.
As the US Government weighs sanctions against Russia, one of its targets may be Kaspersky. Officials say they're considering banning all of the company's operations in the US. Any such sanctions would be imposed after Kaspersky's suit, which alleges it's the victim of an unconstitutional bill of attainder, is resolved.