White House Goes After Putin

While the previous administration went after Xi Jinping, this administration seems to be more focused on Putin. It does not appear to have relaxed any of the pressure on China, but it seems to be adding pressure on Russia, which largely escaped any pressure before.

This week the FBI and the Department of Homeland Security (DHS/CISA) put out an alert (AA21-116A) warning of Russia’s espionage activities.

In summary, the alert says:

The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The SVR primarily targets government networks, think tank and policy analysis organizations, and information technology companies. On April 15, 2021, the White House released a statement on the recent SolarWinds compromise, attributing the activity to the SVR. For additional detailed information on identified vulnerabilities and mitigations, see the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and FBI Cybersecurity Advisory titled “Russian SVR Targets U.S. and Allied Networks,” released on April 15, 2021.

The alert says that Russia is leveraging these attack methods:

  • Password spraying – total brute force – throw anything at every website and see if anything sticks.
  • Leveraging zero-day vulnerabilities – using unknown vulnerabilities, as with the Exchange attack.
  • WELLMESS malware – these are COVID-themed attacks.
  • SolarWinds-style attacks – we have seen several of these lately.

The alert also provides recommended actions. A copy of the alert can be found here.

What is not clear is how much of an increase this is, although reports are saying that Russia has increased the level of incoming artillery lately.

What this means is that businesses are fighting a war on multiple fronts – not something even most armies can do successfully, but businesses have no choice but to fight multiple wars.