VPNFilter
Cisco Talos and the FBI disclose a half-million-strong botnet of compromised SOHO routers and NAS devices, with destructive and selective-monitoring capability. Targeting in Ukraine ahead of the Champions League final.
Vault 7
Wikileaks publishes Vault 7 — eight thousand documents on CIA cyber capabilities. The disclosure is structured, careful, and substantively damaging in a way that previous leaks have not been.
Shadow Brokers
An auction listing on Pastebin for what appears to be Equation Group tooling — and the free-sample dump that came with it works against current Cisco firewalls. The shape of the leak is unusual.
DNC, Guccifer 2.0, the disclosure as weapon
Wikileaks publishes the DNC email cache the day before the Democratic Convention. The disclosure timing, the Guccifer 2.0 persona, and CrowdStrike's attribution to Russian state actors are converging on a different kind of incident.
Ukraine power grid
Reports from Ukraine of a coordinated outage on December 23 with possible cyber involvement. Early signal, thin public detail, but the pattern is unlike anything we have seen against an electrical grid before.
OPM
OPM has disclosed a major intrusion. Four million current and former federal employees, on the early count. The SF-86 question changes the threat model.