US Cyber Command Reportedly Pauses Cyberattacks on Russia

US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia, according to a report by The Record. However, the Cybersecurity and Infrastructure Security Agency (CISA) has denied any change in its posture, saying that there has been no shift in its stance on defending against Russian cyber threats.

Cyber Command is one of eleven unified combatant commands, organizations that combine personnel from multiple departments of the US military. The command's dual mission is to defend the nation and, if necessary, engage enemies in the cyber domain.

The order to pause operations directed against Russia was first reported by The Record and since confirmed by The New York Times, The Washington Post, and other outlets. CISA's X account responded to reports of the stand-down order, stating that there has been no change in its posture and that any such reporting is "fake" and undermines national security.

The timing of CISA's response could be seen as a riposte to reporting on the stand-down order, or it could be a response to other reports claiming that CISA has set new priorities that include defending against China. The Register favors the latter scenario, as CISA does not conduct offensive operations and is part of the Department of Homeland Security.

According to reports, the cyber-ops pause is a tactic to get Russia to the negotiating table to discuss Vladimir Putin's illegal invasion of Ukraine. However, none of the stories on this apparent order mention the US seeking reciprocity from Moscow. President Putin remains free to continue using his sophisticated cyber-armory against American targets.

Recently revealed large-scale attacks on America came from the China-backed Salt Typhoon infiltration of most US phone networks. Foreign policy analysts suggest that the Trump Administration hopes to settle its relationship with Russia so it can focus more attention on China.

Phishing Suspects Used Fishing Gear as Alibi

Police in the Netherlands have cuffed alleged phishers who used fishing gear as an alibi. The suspects were caught after they tried to use their "fishing rods" to avoid detection while attempting to scam people out of their money.

Apple's Find My Device-Tracking Tool Hacked

Researchers have found a way to track the location of many Bluetooth-enabled devices using Apple's "Find My" device-tracking tool. The technique, dubbed nRootTag, uses Apple's network of Bluetooth sensors to track Linux, Windows, and Android systems.

The researchers used GPUs for the attack, which achieved a success rate of over 90% within minutes at a cost of only a few US dollars. The technique will be presented at the USENIX 2025 conference in Seattle.

Cybersecurity Flaws

Ping Identity has warned about a flaw in its PingAM Java Agent identity management software that would allow code injection, with a CVSS score of 9.2.

Citrix has fixed a serious privilege escalation flaw in its NetScaler Console and Agent, which could potentially lead to remote code execution, with a CVSS score of 8.8.

Cisco's Nexus 3000 and 9000 series switches need a fix to block a potential denial of service attack in devices left in standalone NX-OS mode, with a CVSS score of 7.4.

TawkTo Widget, a chat widget, is open to cross-site scripting attacks and needs patching to avoid malicious JavaScript injection, with a CVSS score of 6.6.

Cellebrite Exploits Unpatched Flaws

Cellebrite claims it only works with governments in search of legitimate criminal targets. However, the case uncovered by Amnesty shows student activists being targeted using three flaws in Android's Linux kernel USB drivers.

Belgian Cops Need Poirot After Chinese Hack

A spying operation by China has reportedly scooped a huge volume of emails from the Belgian State Security Service. The two-year campaign has reportedly hoovered up the personal information of about half the agency's members.

The attackers apparently subverted a Barracuda Networks email gateway to capture emails from the Security Service and those of the Belgian Pipeline Organisation, which manages undersea pipes in the North Sea. No classified material was lost in the attack, and Belgian prosecutors are investigating.