Fancy Bear watch.
Fancy Bear (that is, Russia's GRU) is actively using malware that US Cyber Command reported to VirusTotal last week, CyberScoop reports. Kaspersky Lab says the malware is targeting Central Asian countries, and ZoneAlarm saw the malware's hash last week in an attack in the Czech Republic. The two security firms were the only ones to flag the malware as malicious when it was initially uploaded to VirusTotal. Kaspersky and ZoneAlarm both attribute it to APT28 based on similarities to the threat group's XTunnel tool, which Fancy Bear used in the 2016 DNC hack. Cyber Command posted the malware as part of its malware alert program, but didn't mention which actor it was connected to. CyberScoop says many found the warning useful and welcomed CYBERCOM's heads-up, although some hope the command will share additional context with its releases in the future, when feasible.
ESET has a description of Zebrocy malware, a Fancy Bear tool ESET calls the threat actor's "favorite backdoor."
The UK's National Cyber Security Centre has warned sixteen NATO allies of Russian activity directed against infrastructure and government networks (ZDNet). This week's disclosure came from Secretary of State for Foreign Affairs Hunt. France 24 adds that NATO Secretary General Stoltenberg warned Russia that NATO has a "full range" of responses to cyberattacks available. That's effectively just a restatement of long-standing NATO strategy and policy. The Alliance is committed to proportionality of response, not symmetry.