Yesterday, the Biden Administration announced a set of measures aimed at imposing costs on Russian cyber attackers for election influence operations, for the SolarWinds compromise, and for other cyberespionage incidents.

The NSA, CISA, and the FBI released a joint statement exposing ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities in the SolarWinds Orion software supply chain, the use of WellMess malware against COVID-19 researchers, and network attacks exploiting a VMware vulnerability.

NSA’s Cybersecurity Directorate warned that Russia’s SVR is actively exploiting five known vulnerabilities against the USA and allied networks, including the six European agencies that were reportedly affected by the compromised SolarWinds supply chain.

According to AP News, ten Russian diplomats are being expelled by the US State Department as a result of this activity, and 32 individuals and entities accused of attempting to influence last year’s presidential election, including by spreading disinformation, are sanctioned.

“We cannot allow a foreign power to interfere in our democratic process with impunity”, President Biden said.

The US Department of the Treasury announced that it was sanctioning “16 entities and 16 individuals who attempted to influence the 2020 U.S. presidential election at the direction of the leadership of the Russian Government.” Four front media organizations associated with Russian intelligence services were identified as disinformation shops: SouthFront, NewsFront, InfoRos, and the Strategic Culture Foundation.

[Image: front media organizations associated with Russian intelligence. Source: U.S. Department of the Treasury]

According to Jerusalem Post, the sabotage at Iran’s Natanz uranium enrichment facility was produced by a remotely detonated explosive device. The incident was widely attributed to Israel by both the Iranian government and Israeli media.

Since the infrastructure of the Emotet botnet was taken down in January, IcedID malicious activity has increased, filling the gap left behind by Emotet.

NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.

The agencies also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace.
