New —> @elonmusk told SpaceX engineers to cut off Ukrainian submarine drones’ access to Starlink satellites as the Ukrainians prepared a sneak attack on Crimea last yr, per new Musk biography by Walter Isaacson. Musk feared a Russian retaliation via nukes.cnn.com/2023/09/07/pol… “How am I in this war?” Musk asks Isaacson. “Starlink was not meant to be involved in wars. It was so people can watch Netflix and chill and get online for school and do good peaceful things, not drone strikes.”

New --> Chinese state-backed hacking group has breached local government agencies in at least 6 US states, investigators say: cnn.com/2022/03/08/pol… "The wide range of state agencies targeted include 'health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,' according to an FBI/CISA advisory to states obtained by CNN.

From @ODNIgov's testimony for the annual worldwide threat assessment hearing: "We assess that China presents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private sector networks." "Russia is particularly focused on improving its ability to target critical infrastructure, incl. underwater cables & industrial control systems, in the US [as well as allies] b/c compromising such infrastructure ... [shows] its ability to damage infrastructure during a crisis."

Echoing what other analysts have said, Google's @ShaneHuntley confirms that Ghostwriter, "a Belarusian threat actor, has conducted credential phishing campaigns over the past week against Polish and Ukrainian government and military organizations." blog.google/threat-analysi… There's also this: Fancy Bear "has conducted several large credential phishing campaigns" targeting users at a Ukrainian media company. blog.google/threat-analysi…

NEW: Latvian woman charged for role in Trickbot Interesting details in the indictment on the origins of the "TrickBot Group," after Russian authorities reportedly arrested the operators of a different type of malware. justice.gov/opa/press-rele…

New --> A deep dive into ransomware incidents in the manufacturing sector, including new details on Honeywell's handling of its recent hacking incident based on internal emails and sources. cyberscoop.com/honeywell-hack… We revisit the 2019 ransomware-induced disruption of Norsk Hydro, the aluminum giant that shared in vivid detail how its factories were hampered: cyberscoop.com/honeywell-hack…

“Our government got hacked last year and we didn’t know about it for months," @SecMayorkas says bluntly at an RSA event. Cites that as an urgent need to "modernize" the way the federal government approaches cybersecurity. Mayorkas vows that the federal government will improve in just about every aspect of cybersecurity, from detection to incident response to information sharing.

The White House has told @sarasendek, the longtime head of public affairs for @CISAgov, that her services are no longer needed, Sara tells me. Today is her last day on the job. As a political appointee, Sendek would have left government service by Jan. 20. But she was still actively helping run CISA's response to the #SolarWinds hack as well as the agency's work in support of the Georgia runoffs.

Scoop --> Grid regulator warns utilities of risk of #SolarWinds backdoor, asks how exposed they are cyberscoop.com/nerc-alert-sol… "NERC regularly collects information from utilities in response to cyberthreats. But this particular questionnaire exemplifies how the hunt for information related to the suspected Russian hacking operation is very much ongoing in the private sector as it is in government."

NEW --> US agencies conclude #Iran is likely behind website aimed at stoking violence against election officials cyberscoop.com/fbi-iran-cisa-… Confirming @nakashimae, @AmyEGardner and @byaaroncdavis scoop

.@TomBossert at @AuburnCyber event: It's "premature" to frame the #SolarWinds hack exclusively as espionage. As for the espionage side of things, “the scale and scope of this is not excusable.” Melissa Hathaway, ex-cyber adviser to GWB & Obama, praises FireEye for its transparency in dealing with the #SolarWinds breach, but calls for SolarWinds itself to be more transparent, saying the firm is responsible for intro-ing a considerable amount of risk into the supply chain

ICYMI. Yesterday was a wild day of infosec news. Allow me to recap our coverage: Dragos raised $110M from the investment arms of Koch Industries, Saudi Aramco and others. ICS security has hit the big stage: cyberscoop.com/dragos-raises-…

FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame cyberscoop.com/fireeye-says-h… “The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation-state,” said Matt Gorham, assistant director of the FBI Cyber Division.

NEW: Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts cyberscoop.com/norwegian-poli… Thanks to @martingund for the translation help. You should read his story on the Fancy Bear revelation here (in Norwegian): nrk.no/norge/storting…

Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation cyberscoop.com/trump-chris-kr… Private-sector experts,& Democratic lawmakers "protested loudly that Krebs’ dismissal risked hurting national security @ a perilous moment for the country. But Republican lawmakers who have previously praised Krebs, a Trump appointee, were notably silent." cyberscoop.com/trump-chris-kr…