The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said Monday that its goal is to protect the nation’s critical infrastructure from all cyber threats, including those from Russia.
“CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia,” according to a message posted on the agency’s X, formerly Twitter, handle. “There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.”
The CISA statement comes amid initial reports of Pete Hegseth, defense secretary, pausing offensive cyber operations against Russia as a diplomatic push continues to end the war in Ukraine. However, the reasoning for the instruction was not been publicly stated.
The Pentagon later denied media reports that Hegseth had ordered a halt in offensive cyber operations against Russia, according to a senior defense official. Hegseth has neither canceled nor delayed any cyber operations directed against malicious Russian targets, and there has been no stand-down order whatsoever from that priority.
This comes as the Qilin ransomware gang, a Russian-speaking cybercrime organization associated with numerous incidents, including a ransomware attack on hospitals in London, announced that it has stolen 350 GB of files from Lee Enterprises, leading to disruptions in newspaper operations.
Qilin hackers also targeted the Houston Symphony, marking another cyberattack on the cultural and performing arts sector. Additionally, the health ministry of the Pacific island nation of Palau has recovered from a ransomware attack launched by the Qilin ransomware gang, which is known for targeting prominent healthcare institutions, marking the latest in a series of cyberattacks targeting the healthcare sector.
Last week, the Qilin ransomware group claimed responsibility for the cyberattack on Lee Enterprises through a post on their Tor-based leak site. This suggests that Lee Enterprises either refused to pay the ransom or that negotiations have reached an impasse.
The hackers allege they have acquired 350 GB of data from Lee Enterprises’ systems, which includes “investor records, questionable financial arrangements, payments to journalists and publishers, funding for specific news stories, and methods for obtaining insider information.” The Qilin cybercriminals are threatening to release the stolen data on March 5 unless the ransom is paid. To substantiate their claims, they have released samples of the stolen data, featuring screenshots of passport and driver’s license scans, corporate documents, and spreadsheets.
Based in Houston, Texas, the performing arts organization was listed on the ransomware gang’s dark web blog on Friday, accompanied by a five-day ultimatum and a TOX address for contacting the hackers. Just the previous week, the group claimed responsibility for a ransomware attack on the local Detroit PBS public broadcasting station.
“On February 17, 2025, the Ministry of Health and Human Services (MHHS) was the victim of a ransomware attack on its health information systems,” the Palau Ministry of Health and Human Services Cyber-attack and Data Breach wrote in a public notice published on Facebook. “Upon discovery of the breach, the MHHS moved quickly to isolate the incident and return to normal hospital operations. However, further investigation has determined that patient data was compromised as result of the cyber-attack.”
The data may include billing summaries for patients seen at the Belau National Hospital between 2018 and 2022, as the MHHS does not store payment information such as credit card numbers, etc., personal information including hospital number, name, address, telephone number, and date of birth, and patient visit information: diagnoses and procedures
The MHHS added that at this stage, it is important to know that this information, if exposed, is not accessible to normal internet users, and Palauans should not seek to access this information.
“Based on the kind of information that has been stolen, MHHS and its cyber advisors do not perceive any significant impact to the security of individual Palauans,” the notice added. “However, MHHS recommends that all Palauans remain vigilant against potential fraud and/or phishing emails that may attempt to use this incident as a means of getting you to release personal information. MHHS will not contact individuals to discuss this issue.”
The CISA message comes as Karen S. Evans was appointed as the executive assistant director for cybersecurity at the CISA within the Department of Homeland Security. In this role, she guides CISA’s cybersecurity efforts as the national coordinator for critical infrastructure security and resilience. She takes over from Jen Easterley, following the January federal leadership change.
Evans formerly served as the first Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response for the Department of Energy (DOE). Following U.S. Senate confirmation in August 2018, she was sworn in on September 4, 2018, and provided strategic direction, leadership, and management to address emerging threats while improving energy infrastructure security and supporting the DOE national security mission.
From March 2020 through January 20, 2021, Evans served as the Chief Information Officer (CIO) of the Department of Homeland Security. Before being named Assistant Secretary at DOE, Evans was the national director of the U.S. Cyber Challenge, a public-private partnership focused on building the cyber workforce.