Dive Brief:
- The Department of Homeland Security will lead the U.S. response to the war in Ukraine, where the capital of Kyiv was under siege Friday by Russian forces. President Joe Biden's announcement Thursday comes amid heightened concern about spillover cyberattacks and supply chain disruptions. The administration also on Thursday highlighted "concrete actions" it will take this year to fortify America's supply chains.
- Biden warned in a speech Thursday the U.S. is prepared to respond to cyberattacks against companies or critical infrastructure after Russian forces launched a coordinated military assault on Ukraine. He also detailed a series of new sanctions on Russia, including restrictions on its two largest banks and limits to technology imports.
- Federal officials have repeatedly warned critical infrastructure providers, state and local officials, and private sector partners of potential cyberattacks that could coincide with hostilities in Ukraine. There is growing concern Russia may try to use cyber as a way to strike back at the U.S. or NATO allies without taking direct military action.
Dive Insight:
DHS established a Unified Coordination Group to help federal agencies prepare for potential threats against the U.S., coordinating with state and local officials and the private sector.
Thursday's announcement is a response to the rapid incursion by the Russian military, which U.S. officials fear may result in a high body count and a mass exodus of refugees.
The cyberwar started in advance. Ukraine came under a series of DDoS attacks this week against government ministries and banks.
A Belarus-backed threat actor known as UNC1151 launched a series of phishing emails targeting Ukrainian military personnel, the Computer Emergency Response Team of Ukraine said Friday.
Threat actors have also deployed sophisticated wiper malware that could potentially erase data on enterprise systems. Researchers from ESET and Broadcom’s Symantec said the wiper, called HermeticWiper, has been found on hundreds of computer systems in Ukraine.
Researchers are also tracking the state-backed threat actor known as Sandworm, credited with a sophisticated botnet called Cyclops Blink that abuses WatchGuard firewall appliances to spread destructive malware.
There were also indications of HermeticWiper infections in Latvia and Lithuania, which share borders with Russia.
White House Press Secretary Jen Psaki said Thursday there was no immediate evidence of a confirmed attack against U.S. organizations, but repeated that the U.S. was prepared to respond to any cyberattack launched against critical infrastructure or companies.
U.S. cybersecurity officials are closely coordinating with private sector and local officials to monitor for any unusual activity.
"We are not seeing any malicious cyber activity targeting U.S. infrastructure," a spokesperson for the Cybersecurity and Infrastructure Security Agency said via email late Thursday afternoon. "We are working closely with partners in the Joint Cyber Defense Collaborative to gather, analyze and further share information related to today’s attacks in Ukraine, including with major energy and financial sector institutions."