Purported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed that they were not to follow or report on Russian threats.The purported shift at CISA follows a speech before a UN cybersecurity working group last week by Liesyl Franz, deputy assistant secretary for international cybersecurity at the State Department, that highlighted how the US is concerned by threats perpetrated by some states but only named China and Iran, with no mention of Russia. Franz also didn’t mention the LockBit ransomware group, which the US has called out in past UN forums as the most prolific ransomware group in the world.In a post on X, DHS denied The Guardian’s report, saying, “CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.”In a statement sent to CSO, which was also posted on X, DHS spokesperson Tricia McLaughlin said, “The memo referenced in the Guardian’s ‘reporting’ is not from the Trump Administration, which is quite inconvenient to the Guardian’s preferred narrative. CISA remains committed to addressing all cyber threats to U.S. critical infrastructure, including from Russia. There has been no change in our posture or priority on this front.”
No benefit to the US in any way: Although crucial details of these developments are still not clear, experts suggest that any US move to disregard Russian cyber aggression will backfire. Former NSA hacker and enterprise risk management expert Jake Williams said, “Telegraphing who we are and aren’t tracking cyber threats from doesn’t benefit the US in any way.”Moreover, Wiliams argued that attributing an event to any specific threat actor doesn’t occur until the end of investigators’ work, so there isn’t a way to stop tracking Russian threat activity. “The biggest procedural issue with ‘stop tracking Russian cyber threat actor groups’ (though there are many other issues) is that we don’t know until the end of the attribution lifecycle which data corresponds to which nations.”In addition, all indications suggest that Russian malign activity in cyberspace against the US has continued through at least the end of January. For example, researchers at Volexity issued a report on Feb. 13 saying that starting in mid-January, they had observed the Russian nation-state threat group they call CozyLarch, which overlaps with other Russian APT groups known as DarkHalo, APT29, Midnight Blizzard, and CozyDuke, targeting sensitive Microsoft 365 accounts by impersonating individuals from US government departments, including the US Department of State.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3836775/us-cybercom-cisa-retreat-in-fight-against-russian-cyber-threats-reports-2.html
