President Donald Trump ordered 60 Russian diplomats the U.S. considers spies to leave the country and closed Russia’s consulate in Seattle. The closure of the Russian consulate in Seattle due to its proximity to one of our submarine bases and Boeing.” The U.S. officials said more than 100 Russian intelligence agents work under cover as diplomats in the U.S. and described the number as unacceptable. They said the U.S. could take further action in the future. The 60 people expelled from the U.S. include 48 attached to the Russian embassy and 12 at the country’s mission to the United Nations. They have seven days to leave the country, the officials said. More here.
London (CNN)It’s the biggest collective expulsion of alleged Russian intelligence officers in history, according to British Prime Minister Theresa May.
Diplomats are being kicked out of at least 21 countries — 16 European Union states, the United States, Canada, Ukraine, Norway and Albania — in a coordinated effort that represents a significant diplomatic victory for the UK, which blames Russia for poisoning Sergei Skripal and his daughter, Yulia.The UK has already expelled 23 Russian diplomats. Moscow retaliated by sending the same number of UK diplomats back, and by shuttering British cultural institutions in the country.Here’s what each country is doing:European Union nations
Croatia: Prime Minister Andrej Plenkovic said Croatia will expel one diplomat.Czech Republic: The Czech Republic will expel three diplomats, Prime Minister Andrej Babis and Foreign Minister Martin Stropnicky announced a press conference. The Czech Foreign Ministry tweeted that it declared the diplomats “personae non gratae.”Denmark: The Foreign Ministry announced two diplomats would be expelled. “We stand shoulder to shoulder with Britain and clearly say no to Russia at a time when Russia is also in threatening and seeking to undermine Western values and the rule-based international order in other areas,” Foreign Minister Anders Samuelsen said.Estonia: Estonia Foreign Ministry told CNN one Russian diplomat, a Russian defense attaché, will be expelled.Finland: Finland will expel one diplomat, the Foreign Ministry said.France: French Foreign Minister Jean-Yves Le Drian announced the expulsion of four diplomats, who must leave the country within a week. He said that the decision followed the European Council’s conclusions that the attack “posed a serious threat to our collective security” and that France was acting “in solidarity with our British partners.”Germany: The German Foreign Ministry said Monday it would expel four diplomats. “In close coordination within the European Union and with NATO allies, the Federal Government has decided to ask four Russian diplomats to leave Germany within seven days. The request was sent to the Russian Embassy today,” the ministry said in a statement.Hungary: The Foreign Ministry said Hungary would expel one diplomat over “what has been discussed at the European Council meeting,” adding that the diplomat was “also conducting intelligence activities.”Italy: The Italian Foreign Ministry says it will expel two Russian diplomats from the embassy in Rome “as a sign of solidarity with the United Kingdom and in coordination with the European partners and NATO.”Latvia: The Foreign Ministry told CNN it would expel one diplomat and one private citizen who runs the office of a Russian company in the capital, Riga.Lithuania: Foreign Affairs Minister Linas Linkevicius said on Twitter the country would expel three diplomats “in solidarity with the UK over #SalisburyAttack.” Lithuania would also sanction an additional 21 individuals and ban 23 more from entering the country.Netherlands: Prime Minister Mark Rutte announced the expulsion of two diplomats, saying the use of chemical weapons was unacceptable.Poland: Poland’s Ministry of Foreign Affairs said it would expel four diplomats and said the attack showed how “a similar immediate threat to the territory and citizens of EU and NATO member states can happen anywhere.”Romania: Romania’s Foreign Ministry said on Twitter that one diplomat would be expelled.Spain: The Foreign Ministry said Spain will expel two diplomats. “From the outset, we have considered the nerve agent attack in Salisbury to be an extremely serious development that represents a significant threat to our collective security and to international law,” the ministry said on Twitter.Sweden: The Foreign Ministry told CNN it will expel one diplomat.Non-EU countries
Albania: The Ministry of Foreign Affairs told CNN it will expel two Russian diplomats. In a statement, the ministry said called each diplomat a “persona non grata” and said the pair’s activities were “not compliant to their diplomatic status.”Canada: Ottawa said it was expelling four Russian diplomats alleged to be intelligence officers “or individuals who have used their diplomatic status to undermine Canada’s security or interfere in our democracy.” Additionally it was refusing three applications by Moscow for additional diplomatic staff. “The nerve agent attack represents a clear threat to the rules-based international order and to the rules that were established by the international community to ensure chemical weapons would never again destroy human lives,” Foreign Minister Chrystia Freeland said.Norway: The Ministry of Foreign Affairs told CNN it would expel one Russian diplomat in response to the attack. “The use of a nerve agent in Salisbury is a very serious matter,” Norwegian Foreign Minister Ine Eriksen Soreide said in a statement. “Such an incident must have consequences.”Ukraine: President Petro Poroshenko said Ukraine, which has experienced years of hostility from Russia, including the annexation of Crimea, would expel 13 diplomats. “Russia has again reconfirmed its disdainful attitude to the sovereignty of independent states and the value of human life.”United States: The White House said it was expelling 60 Russian diplomats identified as intelligence agents and also announced the closure of the Russian consulate in Seattle. It represents the most forceful action Trump has taken against Russia to date. Of those being expelled, 48 of the alleged intelligence agents work at the Russian embassy in Washington and 12 are posted at the United Nations in New York, senior administration officials said.
Category Archives: Department of Homeland Security
Russia Investigation, Sanctions and Military Readiness
President Donald Trump may not have realized on Monday that his executive order would step on Russia’s toes. Its official target was Venezuela, specifically the country’s plan to create the world’s first state-backed cryptocurrency, the petro, which went on sale Tuesday.
But behind the scenes, the petro was in fact a collaboration—a half-hidden joint venture between Venezuelan and Russian officials and businessmen, whose aim was to erode the power of U.S. sanctions, sources familiar with the effort told TIME.
Trump’s executive order did not mention the petro’s Russian backers, whose role has not previously been reported. Citing economic sanctions that the U.S. imposed against Venezuela in August, the order simply made clear that anyone who buys or uses the new cryptocurrency would be in breach of those sanctions, as would anyone under U.S. jurisdiction who helps Venezuela develop the petro. “Any conspiracy formed to violate any of the prohibitions set forth in this order is prohibited,” the document states. More here.
***
Meanwhile the House Intelligence Committee released the Russia report.
Is the United States doing enough to respond to Russia? Still curious? Given the dramatic increase in military spending in the Omnibus, we are not prepared yet to take on the alleged star war weapons Putin advertises.In his address to the parliament earlier this month the Russian president unveiled a small zoo of strategic programs that are supposed to counter U.S. missile defense (or make it “impotent and obsolete”). Some of these systems were not entirely new – we knew about the ejection test of the Sarmat missile, the Status-6 underwater drone, and, of course, about the Avangard hypersonic glider that was known as Project 4202 or Yu-71. A number of people pointed out that the Kinzhal “hypersonic” missile appears to be an air-launched modification of the Iskander ballistic missile and that there were reports about something like that in the past. The only genuinely new system seems to be the nuclear-powered cruise missile, which doesn’t have a name yet.
With the exception of Kinzhal, none of these systems appear to be close to operational capability. Yes, it’s been said that tests were successful, but for Sarmat it was only the first ejection test; Status-6 and the cruise missile seem to be at the point of proof-of-principle tests of their nuclear reactors and propulsion systems. As for Avangard, it probably had two successful test flights, but is not clear if it is fully ready for deployment. On the other hand, there is no reason to believe that these systems cannot become operational in the next few years, now that they are likely to be treated as priority programs.
It is not surprising that the defense industry used the specter of missile defense to get support for its programs. In fact, we have seen this before. In 1985, the Soviet defense industry put together a series of programs that were supposed to counter U.S. Strategic Defense Initiative. I described the history of these programs in my “Did Star Wars Helped End the Cold War?” paper last year. But I thought that the list of those programs may be of some interest as well. That list comes from Vitaly Katayev’s notes – he compiled a table of the programs that were included in the four anti-SDI programs at the time. Here is the document:
The table contains some interesting entries. For example, the hypersonic glider is there – it was known as Albatross then. A few other programs survived to this day as well, but most were abandoned. One word of caution – most of the anti-SDI systems existed before SDI, but of course the missile defense presented a perfect excuse for the industry to put everything in one package to ensure that they get the support they wanted. The current list of anti-missile defense programs seems to be much shorter, but the basic idea is the same.
*** Lots of questions are being asked in congressional hearings. The summary is such:
The nation’s nuclear deterrence enterprise remains as important as ever in light of the return of superpower competition and rogue nation threats presented by North Korea and Iran, senior Defense Department officials told the House Armed Services Committee’s strategic forces subcommittee here today.
The officials discussed national security policies with regard to DoD’s fiscal year 2019 budget request and within context of the country’s nuclear force posture.
John C. Rood, undersecretary of defense for policy; Air Force Gen. Robin Rand, commander of Air Force Global Strike Command; Navy Vice Adm. Terry Benedict, director of the Navy Strategic Systems Program; and Lisa Gordon-Hagerty, administrator of the Energy Department’s National Nuclear Security Administration, each presented testimony on the importance of the nuclear force.
Rood’s opening remarks quoted Defense Secretary James N. Mattis: “[The Nuclear Posture Review] rests on a bedrock truth. Nuclear weapons have, and will continue to play, a critical role in deterring a nuclear attack, and in preventing large-scale conventional warfare between nuclear armed states for the foreseeable future. U.S. nuclear weapons not only defend our allies against conventional nuclear threats, they also help them avoid the need to develop their own nuclear arsenals. This, in turn, furthers global security.”
Sustaining Modernization Efforts
According to Rood, the 2018 Nuclear Posture Review reflects DoD’s strategic priority to maintain a safe, secure, survivable and effective nuclear deterrent. While the diverse capabilities of the current nuclear triad provide necessary flexibility and resilience, each leg of the triad has surpassed its intended operating lifecycle.
While the U.S. remains the strongest military in the world, the advantages are eroding as adversaries continue to modernize conventional and nuclear forces, now fielding broad arsenals of nuclear missiles capable of reaching the American homeland, Rood said.
“Weakness invites challenge and provocation,” he said. “Our task at the Defense Department is to ensure that the U.S. military advantages endure, and in combination with other elements of national power, we are able to fully meet the increasing challenges to our national security.”
At the direction of U.S. Strategic Command, a recent reorganization of authority took place within Air Force Global Strike Command, Rood said. In September, Rand became dual-hatted, assuming the duties of Joint Force Air Component Command, Air Forces Strategic-Air, a position created to streamline authorizations for bomber and intercontinental ballistic missile forces under one line of authority. This, along with other current and future initiatives, are a priority for Rand and Global Strike Command in the continued defense of the nation.
“Modernization of [America’s] nuclear force is absolutely critical,” Rand said. “The key to Global Strike Command’s continued success will remain on our ability to modernize, sustain, and recapitalize our force.”
Looking Toward the Future
The Navy is currently in the process of implementing life-extension programs for defense weapons. Benedict said those programs are on track and within budget constraints. Benedict said existing efforts will ensure effective and credible sea-based deterrents until the 2040s, and the Navy is also taking steps to provide credible weapons systems beyond the 2040s.
The Nuclear Posture Review directs the Navy to begin studies in 2020 to define a cost-effective, credible and effective sea-launched ballistic missile that can be deployed beyond the life of the Columbia-class submarine nuclear weapons system, Benedict said. The first of the Columbia-class submarines, which are to replace the present Ohio-class Trident nuclear submarines, is slated to come into service in 2021.
Benedict added that budget requests included funding for modernization efforts in partnership with the National Nuclear Security Administration to bolster the U.S. deterrence posture.
The NNSA, according to Gordon-Hargerty, has three main objectives, to maintain the safety, security and reliability of the U.S. nuclear weapons stockpile, reduce the threat of nuclear proliferation and nuclear terrorism around the world and provide nuclear propulsion for the Navy’s fleet of aircraft carriers and submarines.
To meet those objectives, Gordon-Hargerty said the president’s fiscal year 19 budget request included increased spending in areas such as weapons activities, defense nuclear nonproliferation and naval reactors.
“This request moves us forward to a deterrent that is modern, robust, flexible, resilient, ready and appropriately tailored to meet current and future uncertainties as outlined in the 2018 Nuclear Posture Review,” she said.
Gordon-Hagerty said this added funding will also provide the resources required to ensure protection of the U.S. and its allies and partners.
“In an increasingly complex and threatening security environment, the DoD must sustain the capabilities needed to deter and defend against attacks on our homeland,” Rood said. “Along with our allies and partners, we must ensure we have the capabilities now, and into the future, to protect our people and the freedoms we so cherish, and are able to engage our adversaries, diplomatically, from a position of strength.”
POTUS and Omnibus, No Line Item Veto?
2232 pages of stupid and everyone should take the time to just scan the $1.3 trillion spending bill. I got to page 184 last night and went to bed mad. There is no line item veto but there should be. President Trump can veto the whole truck load of crap and should. In place of the line item veto, he can wield his pen and sign an Executive Order eliminating countless crazy spending things or suspend some of the acts for the rest of his term. Something like the Food for Progress Act. And we are still bailing out the healthcare insurance companies…. anyway…there is also $687 million to address Russian interference. Just what is that plan?
- How about the Cloud Act? Foreign governments get access to our data? WHAT?
2. Okay how about Trump’s “wall funding.” It’s not a wall. It’s repairs, drones and pedestrian fencing – no construction. 
3. Then we have the House Freedom Caucus with their letter to President Trump: 
So…need more? Conservative Review has these 10 items for your consideration.Here are the top 10 problems with the bill:
1) Eye-popping debt: This bill codifies the $143 billion busting of the budget caps, which Congress adopted in February, for the remainder of this fiscal year. This is on top of the fact that government spending already increased $130 billion last year over the final year of Obama’s tenure. Although the Trump administration already agreed to this deal in February, the OMB put out a memo suggesting that Congress appropriate only $10 billion of the extra $63 billion in non-defense discretionary spending. Now it’s up to Trump to follow through with a veto threat. It’s not just about 2018. This bill paves the road to permanently bust the budget caps forever, which will lead to trillions more in spending and cause interest payments on the debt to surge past the cost of the military or even Medicaid in just eight years.
Keep in mind that all the additional spending will be stuffed into just six months remaining to the fiscal year, not a 12-month period. A number of onerous bureaucracies will get cash booster shots instead of the cuts President Trump wanted.
Remember when Mick Mulvaney said the fiscal year 2017 budget betrayal was needed so that he could do great things with the fiscal year 2018 budget? Good times.
2) Bait and switch on the wall: Since this bill increases spending for everything, one would think that at least the president would get the $15 billion or so needed for the wall. No. The bill includes only $641 million for 33 miles of new border fencing but prohibits that funding for being used for concrete barriers. My understanding is that President Trump already has enough money to begin construction for roughly that much of the fence, and pursuant to the Secure Fence Act, he can construct any barrier made from any This actually weakens current law.
3) Funds sanctuary cities: When cities and states downright violate federal law and harbor illegal aliens, Congress’ silence in responding to it is deafening. Cutting off block grants to states as leverage against this dangerous crisis wasn’t even under discussion, even as many other extraneous and random liberal priorities were seriously considered.
4) Doesn’t fund interior enforcement: Along with clamping down on sanctuary cities, interior enforcement at this point is likely more important than a border wall. After Obama’s tenure left us with a criminal alien and drug crisis, there is an emergency to ramp up interior enforcement. Trump requested more ICE agents and detention facilities, but that call was ignored in this bill. Trump said that the midterms must focus on Democrats’ dangerous immigration policies. Well, this bill he is supporting ensures that they will get off scot-free.
5) Doesn’t defund court decisions: Some might suggest that this bill was a victory because at least it didn’t contain amnesty. But we have amnesty right now, declared, promulgated, and perpetuated by the lawless judiciary. For Congress to pass a budget bill and not defund DACA or defund the issuance of visas from countries on Trump’s immigration pause list in order to fight back against the courts is tantamount to Congress directly passing amnesty.
6) Funds Planned Parenthood: We have no right to a border wall or more ICE funding, but somehow funding for a private organization harvesting baby organs was never in jeopardy or even under discussion as a problem.
7) Gun control without due process: Some of you might think I’m being greedy, demanding that “extraneous policies” be placed in a strict appropriations bill. Well, gun control made its way in. They slipped in the “Fix NICS” bill, which pressures and incentivizes state and federal agencies to add more people to the system even though there is already bipartisan recognition that agencies are adding people who should not be on the list, including veterans, without any due process in a court of law. They are passing this bill without the House version of the due process protections and without the promised concealed carry reciprocity legislation. Republicans were too cowardly to have an open debate on such an important issue, so they opted to tack it onto a budget bill, which is simply unprecedented. The bill also throws more funding at “school violence” programs when they refuse to repeal the gun-free zone laws that lie at the root of the problem.
8) More “opioid crisis funding” without addressing the problem: The bill increases funding for “opioid addiction prevention and treatment” by $2.8 billion relative to last year, on top of the $7 billion they already spent in February. This is the ultimate joke of the arsonist pretending to act as the firefighter, because as we’ve chronicled in detail, these funds are being used to clamp down on legitimate prescription painkillers and create a de facto national prescription registry so that government can violate privacy and practice medicine. Meanwhile, the true culprits are illicit drugs and Medicaid expansion, exacerbated by sanctuary cities, as the president observed himself. Yet those priorities are jettisoned from the bill.
9) Student loan bailout: The bill offers $350 million in additional student loan forgiveness … but only for graduates who take “lower-paid” government jobs or work for some non-profits! This was a big priority of Sen. Elizabeth Warren. Government created this problem of skyrocketing student debt by fueling it with subsidies and giving the higher education cartel a monopoly of accreditation, among other things. Indeed, this very same bill increases Pell grants by $2 billion. But more money is always the solution, especially when it helps future government workers.
10) Schumer’s Gateway projects earmark: Conservatives had a wish list of dozens of items, but it’s Schumer’s local bridge and tunnel project that got included. While the bill didn’t contain as much as Schumer asked for (remember the tactic of starting off high), the program would qualify for up to $541 million in new transportation funding. Also, the bill would open up $2.9 billion in grants through the Federal Transit Administration for this parochial project that should be dealt with on a state level. New York has high taxes for a reason.
Assassinations of Russians, a Trend or Long Game?
A registry of foreign agents to Russia, compiled by the Justice Department, includes many of Washington’s most powerful legal, communications and lobbying firms, including Sidley Austin, Venable, APCO and White & Case. A review of those records, by the Center for Responsive Politics, found 279 registrations of Russian agents in the United States. More here.
***
“Putin’s inner circle is already subject to personal U.S. sanctions, imposed over Russia’s 2014 annexation of Ukraine’s’ Crimea region,” the Reuters news agency points out. … “But the so-called ‘oligarchs’ list’ that was released on Tuesday … covers many
people beyond Putin’s circle and reaches deep into Russia’s business elite.”
Prime Minister Dmitry Medvedev is among the 114 senior political figures in Russia’s government who made the list, along with 42 of Putin’s aides, Cabinet ministers such as Foreign Minister Sergey Lavrov, and top officials in Russia’s leading spy agencies, the FSB and GRU. The CEOs of major state-owned companies, including energy giant Rosneft and Sberbank, are also on the list.
So are 96 wealthy Russians deemed “oligarchs” by the Treasury Department, which said each is believed to have assets totaling $1 billion or more. Some are the most famous of wealthy Russians, among them tycoons Roman Abramovich and Mikhail Prokhorov, who challenged Putin in the 2012 election. Aluminum magnate Oleg Deripaska, a figure in the Russia investigation over his ties to former Trump campaign chairman Paul Manafort, is included.
Russian Deputy Prime Minister Arkady Dvorkovich dismissed the list as simply a “who’s who” of Russian politics. He told Russian news agencies Tuesday he wasn’t surprised to find his name on the list, too, saying that it “looks like a ‘who’s who’ book.” Dvorkovich stopped short of saying how Russia would react to it, saying the Kremlin would “monitor the situation.” More here.
*** So when there are murder cases of Russian asylees in Britain, what are the agencies in the United States thinking?
Well there was Mikhail Lesin, a former friend of Putin found dead in his hotel in Dupont Circle, Washington DC. Then there was Operation Ghost Stories, the massive spy swap.
Imagine what the context and case reference is for the FBI when it comes to Russian operations in the United States and in allied countries.Or how many planes have been shot out of the sky where clues and evidence point to Russia? More explained in video below.
Beyond the attempted assassination of Skripal and his daughter in Salisbury two weeks ago, there was yet another confirmed death.
Whoever is behind the murder of a prominent Russian exile, who believed he was on a Kremlin hit list, managed to get inside his home without breaking in, police believe.
Nikolai Glushkov, 68, was found dead at home last week at his home in southwest London, and officers are now hunting for the culprits. His official cause of death is “compression to the neck.”
Before his death, Glushkov warned that a close friend of his had been murdered, and that he would be next.
In a Monday morning update on the investigation, the Metropolitan Police said they examined Glushkov’s house and found no signs of forced entry.
*** How bad is this trend?
4 Days of Food Left…Panic? National Grid Hacked
If there is no transportation, there is no food, medicine or basic supplies….what country is ready to deal with this?
British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.
Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.
The warning comes weeks after the Defence Secretary, Gavin Williamson, said Russia had been spying on the UK’s energy infrastructure and could cause “thousands and thousands and thousands” of deaths if it crippled the power supply.
***
The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.
While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.
In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.
This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.
U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.
Multi-Stage Campaigns Provide Opportunities for Early Detection
The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign where Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat vectors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).
This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.
In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.
The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:
- Altering trade publication websites
- Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
- Analyzing publicly available photos that inadvertently contained information about industrial systems
The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.
The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks.This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down for outbound service restrictions.
The credentials of the intended targets were used to access victim’s networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity. For the report, click here.
***
What Is Known
Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.
Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via remote desktop protocols (RDP) and then used the batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.
The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT
Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.