White House National Security Council spokesperson John Kirby said that more investigations are needed to determine the Russian government's involvement in distributed denial-of-service attacks that disrupted more than a dozen airports across the U.S. on Monday, according to ABC News.
"We just don't really understand fully who's behind this, what the motivation was, certainly at what level if any Kremlin officials were aware. We just don't know," said Kirby in an interview. Investigations into the incident are already underway, noted Kirby, who added that moves to strengthen cyber resilience will be undertaken.
Mandiant Head of Intelligence Analysis John Hultquist noted that the attacks against the airport sites were conducted by Russian hacktivist group Killnet, which has been targeting Ukraine and its allies, including the U.S., since the Russian invasion of Ukraine commenced in February. While other hacktivist groups have been linked to state-backed threat actors, there has been no evidence suggesting the same for Killnet, said Hultquist.
English- and Russian-speaking Windows users are being targeted by the novel Mimic ransomware, which has been leveraging the APIs of the Everything file search tool to identify files to be encrypted, reports BleepingComputer.
North Korean state-sponsored advanced persistent threat group TA444 has engaged in a credential harvesting campaign targeting the U.S. and Canada with OneDrive phishing emails beginning last month, according to SecurityWeek.