It has been a confusing few days in US cyber security. At the end of February of this year, it was reported that Defense Secretary Pete Hegseth had ordered US Cyber Command to pause its offensive operations against Russia. The news was swiftly followed by reports that staff at the US Cybersecurity and Infrastructure Security Agency (CISA) had been instructed to turn a blind eye to hacks directed against the United States that might be linked to Russia. The Trump administration had reportedly ordered both CISA and US Cyber Command to stop following or reporting on Russian threats, even though such threats had previously been their focus.
The radical change in direction was widely reported by The Guardian, the New York Times, the Washington Post, and The Record, which quoted anonymous sources familiar with the matter. However, one of the agencies listed, CISA, has refuted an article detailing what it described as "a retreat in the fight against Russian cyber threats."
On Twitter, CISA said that media reports that it had been ordered to stop following or reporting Russian cyber threats against the United States were "fake" and that its mission to "defend against all cyber threats to US Critical Infrastructure, including Russia," had not changed.
What is not in question is that the US Department of Homeland Security has dismantled the Cyber Safety Review Board (CSRB), an advisory committee of CISA that has probed significant cybersecurity incidents, including the Log4J vulnerability, the Lapsus$ hacking gang, and the hack of Microsoft Exchange Online in 2023 that was blamed on "a cascade of security failures" at Microsoft and deemed "preventable."
The disbandment of the CSRB would appear to be bad news for its current inquiry into Salt Typhoon, a Chinese-linked hacking group that has attacked multiple major US telecoms companies and even the US Treasury. Whether or not it is accurate to say that CISA has been ordered to turn a blind eye to Russia's hacking activities, CISA will face significant challenges in its mission to defend critical US infrastructure if it continues to be weakened. Of note: other US agencies conduct similar cyber collection and analysis missions. [1]
In February 2025, at least 130 employees were fired from CISA, including staff focused on securing US elections and fighting state-sponsored misinformation campaigns.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941