U.S. Suspends Cyberattacks Against Russia

The United States has suspended offensive cyber operations against Russia under an order issued by Defense Secretary Pete Hegseth, according to multiple confirmed reports.

The directive, first revealed by The Record and corroborated by The New York Times and The Washington Post, marks a notable shift in the Pentagon’s cyber strategy amid escalating global tensions.

While U.S. Cyber Command—tasked with both defending national infrastructure and conducting offensive cyber campaigns—has paused its operations targeting Moscow, the Cybersecurity and Infrastructure Security Agency (CISA) emphasized that its defensive posture remains unchanged.

CISA swiftly addressed speculation about its involvement, stating on social media: “CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture”.

Rationale Behind the Cyber Stand-Down

Sources within the Trump administration frame the pause as a diplomatic overture to encourage negotiations over Russia’s invasion of Ukraine.

However, critics highlight the asymmetry of the move: while the U.S. halts offensive actions, Russian-linked groups like Midnight Blizzard and Sandworm continue targeting American entities through ransomware, phishing, and supply-chain attacks.

Historical precedents—including the SolarWinds breach and NotPetya malware—underscore Moscow’s relentless cyber aggression, raising questions about the efficacy of unilateral de-escalation.

Former officials argue the administration aims to free resources to counter China, which has intensified cyberespionage against U.S. infrastructure.

The Register notes this strategic recalibration aligns with recent warnings from CISA Director Jen Easterly about China’s “existential” threat to U.S. critical systems.

Yet, experts warn that easing pressure on Russia could embolden Kremlin-backed hackers, who have historically exploited geopolitical lulls to launch disruptive campaigns.

Broader Cybersecurity Developments

Dutch Police Net Phishing Suspects With Sting Operation

In the Netherlands, police arrested individuals allegedly involved in a phishing ring after staging fake meetings to deliver ransom payments.

Suspects attempted to disguise their activities by carrying fishing gear, a ruse authorities dismissed as “creative but unconvincing”. The operation highlights law enforcement’s growing use of proactive tactics to combat cybercrime.

Medusa Ransomware Gang’s Geographical Blunder

The Medusa ransomware group faced embarrassment after mistakenly claiming a breach of Aurora, Colorado (population: 400,000), when their actual target was Aurora, Nebraska (population: <5,000).

The error, exposing data from the smaller municipality, underscores the challenges rural communities face in responding to cyberattacks due to limited resources.

Apple’s Find My Network Exploited for Cross-Platform Tracking

Researchers at George Mason University revealed a vulnerability in Apple’s Find My service, dubbed “nRootTag,” enabling surveillance of non-Apple devices via Bluetooth.

By brute-forcing encryption keys, attackers could track Windows, Android, and Linux systems at minimal cost, raising alarms about consumer privacy.

The exploit, set to be detailed at the USENIX 2025 conference, highlights risks in widely trusted location-tracking ecosystems.

Cellebrite’s Spyware Targets Serbian Activists

Amnesty International uncovered Israeli firm Cellebrite exploiting unpatched Android vulnerabilities to spy on Serbian student activists.

Despite Cellebrite’s claims of working solely with governments on legitimate investigations, the breaches involved flaws in Linux kernel USB drivers (CVE-2024-53104, CVE-2024-53197, CVE-2024-50302), two of which remain unpatched in Android as of March 2025.

The company has since suspended sales to Serbian authorities.

Chinese Hackers Infiltrate Belgian Security Services

Belgian officials disclosed a two-year cyberespionage campaign attributed to China, exfiltrating emails from the State Security Service and Belgian Pipeline Organisation.

While no classified data was compromised, the breach, executed via a compromised Barracuda Networks email gateway, exposed personal details of nearly half the agency’s personnel.

The incident underscores persistent vulnerabilities in governmental communication infrastructure.

The U.S. cyber pause against Russia reflects a complex interplay of diplomacy and strategy, balancing deterrence with resource allocation for emerging threats.

Yet, as global adversaries exploit digital frontiers, the efficacy of such gambits remains uncertain.

Meanwhile, innovative cyber policing and escalating spyware risks highlight the evolving battlefield—one where vigilance and adaptability are paramount.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
