The US Administration this morning announced a long-expected set of measures designed to impose costs on Russian threat actors for election influence operations, for the SolarWinds compromise, and for other cyberespionage incidents. The steps taken include sanctions and diplomatic expulsions, and, of course, naming and shaming.
NSA took up mitigation of known vulnerabilities in the SolarWinds Orion software supply chain, the use of WellMess malware against COVID-19 researchers, and network attacks exploiting a VMware vulnerability. NSA's Cybersecurity Directorate tweeted a warning that Russia's SVR is actively exploiting five publicly known vulnerabilities against US and allied networks. Among those allied networks are presumably the six European agencies the European Commission reports were affected by the compromised SolarWinds supply chain.
The US State Department is expelling ten Russian diplomats in connection with this activity, the AP reports.
And the US Department of the Treasury announced today that it was sanctioning "16 entities and 16 individuals who attempted to influence the 2020 U.S. presidential election at the direction of the leadership of the Russian Government." Treasury singled out four front media organizations associated with Russian intelligence services as disinformation shops: SouthFront, NewsFront, InfoRos, and the Strategic Culture Foundation.
The Jerusalem Post reports that the sabotage at Iran's Natanz uranium enrichment facility (widely attributed to Israel by both the Iranian government and Israeli media) was produced by a remotely detonated explosive device.
Law enforcement's January Emotet takedown left a gap in the criminal ecosystem, now being partially filled by the IcedID gang, the Record reports.