Similarities between code used by Ryuk ransomware and the Lazarus Group's Hermes tool led to tentative suspicion that North Korean state-directed actors (like the Lazarus Group) might have been behind Ryuk as well. But states and hoods sell and buy in the same black market as SecurityWeek points out. ZDNet says the growing consensus among cybersecurity firms is now that Ryuk is run by Russian organized criminal gangs.
NotPetya hit candy and cookie company Mondelez hard, but their insurer, Zurich, declined to pay their claim on the grounds that NotPetya, which Western governments publicly blamed on Russia, amounted to an act of war. Information Security Buzz describes how that suit is shaping up. The confectioner is now suing Zurich for $100 million. Bloomberg calls this a downside of official attribution. Policies of all kinds routinely exclude coverage for acts of war, Fifth Domain says; the issue is who gets to say an incident is war.
Suspicion that Huawei serves as a reliable partner of China's intelligence services seems likely to grow, the Washington Post notes. In the recent arrests in Poland, the AP says the Polish national arrested alongside a Huawei executive held senior cybersecurity posts in three Polish agencies: the Interior Ministry, the Office of Electronic Communications (a telecommunications regulatory body) and International Security Agency (a counterintelligence organization). ZDNet reports that Huawei has fired Wang Weijing, the manager who was arrested. The company also denied involvement in the alleged espionage, a claim Polish authorities seem so far to confirm.