>Russian state-sponsored malware will tend to target US entities.
I haven't heard of any. So it's either 1) there is no such malware, 2) it stays undetected, 3) it is detected, but now is the wrong time to disclose it (if ever).
I'm not really afraid of Russians. Snowden's leak & Kaspersky research show that the NSA is a far superior threat to anybody, citizens included. And US-based anti-virus companies fail to protect me regardless of what their reason is.
If Kaspersky finds a Russian FSB trojan, they won't go to the press. They'll call their pals at the FSB and ask what to do. In an authoritarian state, revealing such a thing could be life-threatening. In other words, Kaspersky isn't going to report on Russian state malware, which we certainly know exists considering the documented attacks on Ukraine, the Baltics, Georgia, etc.
The US/EU has a stronger freedom of the press tradition and doesn't often follow autocratic staples like murdering inconvenient journalists and serving them polonium tea, but obviously jail time can be in the cards if laws were violated. I imagine it's just safer to report on Western state sigint compared to autocratic/authoritarian state sigint, thus we hear about Western sigint efforts a lot more, especially in the Western press. One of the downsides of having an open society is that you see the warts and all, but a more closed autocratic one has better information and propaganda control, so the perception of "those things don't happen here" is easy to sell to low-information constituents, and special efforts are made to keep them low-information.
Also, I think it's clear Russia uses Kaspersky to make western intelligence look bad. It's more demoralizing to have an AV vendor point this stuff out than one's own security apparatus and it's a good cover for the FSB's own hacking. Wired has written about the FSB/Kaspersky connection before. Note it's almost always Kaspersky finding Western state malware, not the dozens of other competent AV firms and thousands of top-tier researchers. Funny how that works.
It's not that clear cut. The UK routinely serves 'D' notices and the press defer (leading to much abuse) - here's a nice primer https://www.theguardian.com/media/2015/jul/31/d-notice-syste...
Anyone stumbling across their own state's payload and attempting to publish details is likely to rapidly receive a visit and be put in the picture that they've to drop it.
The UK even uses the Wassenaar arrangement to stifle general discussion of viruses and threats: http://www.theregister.co.uk/2015/07/03/northumbria_universi...
Admittedly there are no actual murders or suspected ones (that I've ever heard of) but the polonium tea example was not about computer virus revelations either.
Also, in the US you are free to talk about anything unless you are under a gag order.
Or... maybe I am naive. I just tend to look at this stuff with how can we get this done the easiest way??? Human emotions are much easier to target than silicon.
I think only 30% of malware is detected~ I remember reading about that a while back and this was after advanced heuristic methods had been around for a while.
https://www.symantec.com/security_response/writeup.jsp?docid...
https://www.microsoft.com/security/portal/threat/encyclopedi...