Signup to receive the Early Edition in your inbox here.

A curated weekday guide to major national security news and developments over the past 24 hours. Here’s today’s news.


Co-ordinated action against the REvil has been announced by the U.S. Department of Justice (DOJ), Europol and the Romanian police, dealing a devastating blow to the cyber-crime gang. The coordinated raids, which have taken place both on and offline, led to the recent arrests of two alleged hackers in Romania. BBC News reports.

The DOJ has taken action against a Ukrainian national and a Russian national charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States, including with conducting the July 2021 attack against the multinational information technology software company Kaseya. “An indictment accused Ukrainian Yaroslav Vasinskyi, who was arrested in Poland last month, of breaking into Florida software provider Kaseya over the July 4 weekend. From there, he and accomplices simultaneously distributed REvil ransomware to as many as 1,500 Kaseya customers, encrypting their data and forcing some to shut down for days, it said. Vasinskyi is charged with breaking into the victim companies and installing encryption software, developed by the core REvil group. REvil directly handled the ransom negotiations and split the profits with affiliates like Vasinskyi…Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, were charged in U.S. District Court for the Northern District of Texas with conspiracy to commit fraud and conspiracy to commit money laundering, among other offenses,” Mark Hosenball, Kanishka Singh and Joseph Menn report for Reuters.

The U.S. has also announced that it has successfully retrieved more than $6m in cryptocurrency from the cyber-crime gang REvil in a so-called “claw back” hacking operation. Attorney General Merrick Garland announced the seizure of funds during a press conference that also included FBI Director Christopher Wray and Deputy Attorney General Lisa Monaco. Garland emphasized to reporters that “this will not be the last time” that the U.S. reclaims ransomware victim payments. Maggie Miller reports for The Hill.

The two individuals allegedly linked to REvil arrested by Romanian authorities were said by Europol to be behind more than 5,000 cyberattacks and are accused of having gained more than half a million Euros in ransomware payments made by victims. “The arrests were the latest in a string of operations pursued by a coalition of international partners against REvil, with Europol saying Monday that three other individuals associated with REvil, along with two others associated with a linked cyber crime group, have been arrested since February,” Maggie Miller reports for The Hill.

There are new accusations that Israeli surveillance firm NSO Group is using its Pegasus technology to spy on Palestinains. NSO Group sells hacking software that has been used to spy on journalists, opposition groups, and activists. The latest accusation that the technology is used to spy on Palestinians comes after President Biden’s administration sanctioned the company last week. NSO Group insists that its Pegasus software is used to combat crime and terrorism by allowing governments to remotely and secretly penetrate phones and extract contents. The Israeli prime minister’s office and the Israeli Defense Ministry denied the accusation that the software has been used against Palestinians. The company continues to campaign to remove the sanctions and aims to persuade the Biden administration that their actions are essential for the national security of both countries. Ronen Bergman and Patrick Kingsley report for the New York Times.

The 9th U.S. Circuit Court of Appeals in San Francisco has said that Facebook can pursue a lawsuit accusing NSO Group of exploiting a glitch in its WhatsApp messaging app to install the Pegasus malware. In a 3-0 decision, the court rejected privately owned NSO’s claim that it was immune from being sued because it had acted as a foreign government agent. Facebook, now known as Meta Platforms Inc, sued NSO for an injunction and damages in October 2019. “NSO has argued that Pegasus helps law enforcement and intelligence agencies fight crime and protect national security. It was appealing a trial judge’s July 2020 refusal to award it ‘conduct-based immunity,’ a common law doctrine protecting foreign officials acting in their official capacity,” Jonathan Stempel and Elizabeth Culliford report for The Wire.

The Israeli government continues to consider NSO Group’s software a crucial element of its foreign policy and is lobbying Washington to remove the company from its blacklist and to lift the sanctions against the company, two senior Israeli officials have said. “In imposing the sanctions, the U.S. Commerce Department said that NSO had acted contrary to the national security or foreign policy interests of the United States.. If the United States is accusing NSO of acting against its interests, the officials said, then it is implicitly accusing Israel, which licenses the software, of doing the same,” Ronen Bergman and Patrick Kingsley report for the New York Times.

Robinhood Markets Inc. has announced that an intruder gained access to its systems last Wednesday and obtained the personal information of millions of its users. The trading app announced in a blog post yesterday that the breach has since been contained, that a ransom payment had been demanded and that the company had informed law enforcement. The intruder was able to access Robinhood systems by impersonating an authorized party to a customer-support employee on the phone, the company said. Peter Rudegeair and Robert McMillan report for the Wall Street Journal.


The House select committee investigating the Jan. 6 attack on the Capitol has issued six new subpoenas for associates of former President Trump. Both Michael Flynn, the former National Security Advisor for Trump, and John Eastman, the lawyer who drafted a memo laying out how Trump could invalidate election results, received subpoenas. The subpoenas require the recipients to turn over documents this month and sit for depositions in December. The new subpoenas demonstrate the committee is widening its investigation. The remaining subpoenas went to Bill Stepien, Trump’s 2020 campaign manager, Jason Miller, a senior adviser to Trump’s 2020 campaign, Bernard Kerik, a New York police commissioner who participated in a planning meeting on Jan. 5, and Angela McCallum, Trump’s 2020 campaign’s national executive assistant. Luke Broadwater reports for the New York Times

Further detail on the latest six Trump allies to be subpoenaed by the Jan. 6 select committee is provided by Rebecca Beitsch, Morgan Chalfant and Brett Samuels reporting for The Hill.

A man wanted by the FBI for allegedly participating in the Jan. 6 attack on the Capitol is seeking political asylum in Belarus. Evan Neumann gave an interview to the state-controlled Belarus television channel in which he said that he had followed the advice of his lawyer and fled to Europe after six charges were filed against him in the United States. “Neumann said that he stayed in Switzerland and Italy for some time and then went to Ukraine for four months. In mid-August, Neumann was detained by Belarusian border guards for illegally crossing from Ukraine. According to Neumann, he decided to flee to Belarus and seek political asylum there after Ukraine’s security services had started expressing interest in him,” Radio Free Europe reports.


The U.S. Supreme Court grappled with the state secrets privilege doctrine yesterday as the U.S. Government sought to rely on the doctrine to fend off a lawsuit against the FBI concerning a controversial post-9/11 surveillance operation that targeted a Muslim community in California. The case dates back to 2006, when the FBI launched a 14-month counterterrorism operation aimed at surveilling members of Southern California’s Muslim community. The Court of Appeals previously ruled that the district court erred by applying court-made rules to decide the government’s privilege claim rather than a procedure provided in the 1970s-era statute called the Foreign Intelligence Surveillance Act, and allowed some of the Muslim plaintiffs’ claims to proceed. Yesterday, several of the Supreme Court justices explored ways to decide the case in a manner that would not turn on resolving the interplay between the competing sets of rules, but rather focus on whether the district judge, who did not review the evidence in question, had dismissed the case prematurely. John Kruzel reports for The Hill.

Republican Rep. Fred Upton (R-MI) has shared a threatening voicemail he received after voting for the bipartisan infrastructure bill last week. Upton was one of just 13 House Republicans who voted with Democratic lawmakers on Friday to pass the $1.2 trillion infrastructure bill. In the voicemail, which Upton played during an interview with CNN, a caller told the Republican: “I hope you die. I hope everybody in your f**king family dies,” while labeling him a “f**king piece of sh*t traitor.” Paul LeBlanc reports for CNN.


CIA Director Willaims Burns held a conversation with Russian President Vladimir Putin in Moscow last week, to convey “serious” U.S. concerns about Russia’s military buildup along the Ukrainian border and to attempt to determine Russian intentions, two sources have said. Putin’s spokesperson also confirmed there was a discussion between Burns and Putin, and said that the conversation touched upon “bilateral relations, the crisis situation in the diplomatic practice, and an exchange of views on regional conflicts.” Jim Sciutto and Natasha Bertrand report for CNN.

U.S. officials have arrived in Bosnia and Herzegovina in an effort to defuse tension and frustration with E.U. facilitated discussions with nationalist Serb leader Milorad Dodik. The U.S. special envoy to the Western Balkans, Gabriel Escobar, made a two day trip, prompting comparisons to similar efforts in the leadup to the region’s 1992-1995 war. Dodik, the Serb representative in the country’s threeway presidency, has threatened to create a breakaway army and boycott the country’s central institutions. Escobar said discussions with the Serb leader were productive, as Dodik was open to withdrawing his legislation that would weaken central institutions. Una Hajdari reports for POLITICO


Satellite images appear to show that Beijing has built mockups of a U.S. Navy aircraft carrier and destroyer in a northwestern desert in China. The move could possibly signal that China is practicing for a future naval clash. The U.S. Naval Institute said that the mock up was a target range developed by the People’s Liberation Army, but the images did not show how many details were included in the practice targets. The Chinese Foreign Ministry has said that it is unaware of the images. The Associated Press reports.

China has said that U.S. charges against a Chinese citizen for stealing trade secrets are “pure fabrication.” On Friday, the Justice Department announced that a federal jury had found Chinese national Xu Yanjun guilty of conspiring and attempting to commit economic espionage, as well as one count of conspiracy to commit trade secret theft and two counts of attempted theft of trade secrets, in relation to plots to steal trade secrets from aviation and aerospace companies. A Chinese Foreign Ministry spokesperson demanded that “the U.S. handle the case according to the law and in a just manner.” Xu faces 60 years in prison and fines of up to 5 million dollars. Reuters reports. 

China’s armed forces are capable of blockading Taiwan’s key harbors and airports, the island’s defense ministry has said. Yimou Lee reports for Reuters


Iraqi officials are blaming an Iran-backed militia group for the attempted assassination of Iraqi Prime Minister Mustafa al-Kadhimi. Officials believe that the attackers wanted to demonstrate they were open to using violence if they were kept out of the government. Two security officials named Kataib Hezbollah and Asaib Ahl al-Haq as responsible for the attack. Other sources could not confirm that Iran was responsible for the attack and others believed Iranian involvement was unlikely. No group has yet claimed responsibility for the attack. Mychael Schnell reports for The Hill

Iran’s military warned off U.S. drones trying to approach Iranian war games near the mouth of the Gulf, Iranian state broadcaster IRIB has said. These aircraft (RQ-4 and MQ-9 US drones) changed their route after approaching the borders of the Islamic Republic of Iran following the air defence’s interception and decisive warning,” IRIB stated. Reuters reports.

France’s foreign minister has told his Iranian counterpart that when talks with world powers on reviving the 2015 nuclear deal resume at the end of this month, they must continue where they left off in June. “The comments suggest growing concern over Iran’s public rhetoric before indirect talks between Iran and the United States resume in Vienna on Nov. 29,” Reuters reports.


Authorities in Ethiopia are allegedly targeting and arresting Tigrayans. Witnesses said Tigrayans were arrested in Addis Ababa, following the escalation over the last week that led to a state of emergency in the country. Ethiopia’s Human Rights Commission has said that authorities were arresting people based on ethnicity under the state of emergency, which gave authorities power to detain people “suspected of collaborating with terrorist groups.” Tigrayans in Addis Ababa said that police would not explain why certain community members were arrested. A police commander in Addis Ababa said that the police were only arresting those who receive support from the TPLF (Tigray People’s Liberation Front). Katie Polglase, Gianluca Mezzofiore and Richard Allen Greene report for CNN

A TPLF spokesperson has said that their forces will keep marching towards the Ethiopian capital until the government lifts its blockade on the northern region. The spokesperson said that the rebels continued march was “not so much about Addis Ababa but our intention to arm-twist [Ethiopian Prime Minister Abiy Ahmed] to lift the blockade on our people.” “It is for Abiy to say yes to our demands…and put an end to the conflict,” the spokesperson said. BBC News reports.

The risk of Ethiopia “descending into widening civil war is only too real,” the U.N. under-secretary-general for political and peacebuilding affairs, Rosemary DiCarlo, told the U.N. Security Council yesterday. DiCarlo stated that despite much speculation “no one can predict what continued fighting and insecurity will bring,” but that the political repercussions of “intensifying violence in the wider region would be immense, compounding the many crises besetting the Horn of Africa.” DiCarlo also explained that while some emergency supplies have been moved, it has been four months since the last big shipment of medicines and health supplies into Tigray, where an estimated 400,000 people are living in famine-like conditions. Al Jazeera reports.


The Pentagon has said that it has not located an Islamic State – Khorasan Province (ISIS-K) safe house in Kabul that prompted an erroneous drone strike on Aug. 29. The drone strike killed 10 civilians, including seven children. In the days prior to the strike, the U.S. military said they had found a compound being used by ISIS-K planners north of the Kabul airport. An inquiry has found that the military was unable to locate the safe house. The inspector general who reviewed the strike said, “it was not faulty intelligence; it was just not specific.” Defense officials have stated publicly that neither the target of the strikehumanitarian aid worker Mr. Zemari Ahmadinor his boss, the owner of the purported safe house, had any ties to ISIS-K. Eric Schmitt reports for the New York Times

U.S. officials are worried about an increase in ISIS-K attacks in Afghanistan. U.S. special representative for Afghanistan Tom West has said that the Taliban are dealing with an escalation in attacks from ISIS-K. The U.S. is also concerned about al Qaeda’s ongoing presence in the country. West has expressed concern that ISIS-K could build the capacity to strike outside of Afghanistan within one to two years. Ellen Mitchell reports for The Hill

The Department of Defense (DOD) is stepping up efforts to help evacuate family members of U.S. troops still in Afghanistan. In a memo from last Thursday, the Undersecretary of Defense for Policy Colin Kahl instructed all U.S. military personnel or DOD civilian employees with immediate family members in Afghanistan who are seeking evacuation to contact a DOD-associated email address to register with a newly created database. In addition to names, the database will include passport information and contact details for the family members, according to the memo. “There are still several dozen immediate family members of U.S. service members in Afghanistan, according to defense officials. Those include children, sisters and brothers, and parents. There are well over 100 extended family members still in Afghanistan, but it’s not clear how many of them want to leave the country, the officials said,” Courtney Kube reports for NBC News.

President Biden’s administration is waiving some fees for Afghan evacuees as they seek work permits to try to gain residency in the U.S., in addition to waiving biometric testing requirements. “The move comes as some 70,000 Afghans arrive in the U.S., with many ‘paroled’ into the country through a temporary waiving of immigration laws that allows those who would not otherwise qualify to enter the U.S. to formalize their status later. Evacuees also will be able to apply for expedited processing to get their work permits or adjust their immigration status,” Rebecca Beitsch reports for The Hill.


Poland has blocked hundreds of migrants from entering the country at the Belarus border, as the migrant crisis at the Poland-Belarus border worsens. Poland fears that thousands more migrants are on their way and has deployed 12,000 troops to the region as a result. Poland has accused Belarus of pushing the migrants into Poland. Lithuania and Latvia also have reported surges of migrants from Belarus. The European Union says Belarus’s authoritarian leader is facilitating the migrants’ movement as retaliation for sanctions against him. Concerns for the safety of the migrants is also growing, as the region experiences sub-zero winter temperatures. BBC News reports.

Poland has warned of a possible “armed” escalation on its border with Belarus. A Polish government spokesperson said up to 4,000 migrants had gathered near Poland’s eastern border and told reporters that at some point they expected “an escalation… which will be of an armed nature.” “Belarus wants to cause a major incident, preferably with shots fired and casualties,” Polish Deputy Foreign Minister Piotr Wawrzyk said earlier, and the head of Poland’s national security department, Stanislaw Zaryn, has said the migrants are under the control of Belarusian armed units. “The Belarus defense ministry rejected the Polish statements as unfounded and unsubstantiated, and accused Warsaw of violating agreements by moving thousands of troops to the border,” BBC News reports.

The Pakistani government and the armed militant group the Pakistani Taliban, the Tehreek e Taliban Pakistan (TTP), have agreed to a one-month ceasefire while negotiations are underway to end years of fighting. Pakistan’s Information Minister Fawad Chaudhry announced yesterday that a “complete ceasefire” was agreed with the TTP, which is a banned Islamist group that is responsible for some of the deadliest attacks in Pakistan’s history. “In a statement, Chaudhry said talks with the TTP are ‘underway’ and a truce will be extended as the talks progress. He said negotiations are in accordance with the constitution of Pakistan. Talks will focus on ‘state sovereignty, national security, peace in conflict zones along with social and economic stability,’ Chaudhry said,” Sophia Saifi and Helen Regan report for CNN.

With almost all the votes counted in the Nicaraguan general elections, incumbent President Daniel Ortga has secured close to 76% of the vote. BBC News reports.

Secretary of State Antony Blinken has issued a scathing rebuke against the “undemocratic” elections in Nicaragua. “Nicaraguan President Ortega and Vice President Murillo have declared themselves the winners of national elections whose outcome has long been a foregone conclusion…The Ortega-Murillo government has deprived Nicaraguans of any real choice by dissolving all genuine opposition parties and imprisoning all the principal presidential candidates,” Blinken said in the statement. Laura Kelly reports for The Hill.

“The humanitarian situation in Myanmar is deteriorating,” U.N. Emergency Relief Coordinator Martin Griffiths has said, warning the military junta in Myanmar that the “world is watching.” In a statement, Griffiths highlighted the growing crisis in the country, including issues of displacement of hundreds of thousands of people, rising levels of food insecurity and escalating hostilities. UN News Centre reports.


The coronavirus has infected over 46.61 million people and has now killed over 755,600 people in the United States, according to data compiled by Johns Hopkins University. Globally, there have been over 250.41 million confirmed coronavirus cases and over 5.05 million deaths. Sergio Hernandez, Sean O’Key, Amanda Watts, Byron Manley and Henrik Pettersson report for CNN.

A map and analysis of the vaccine roll out across the U.S. is available at the New York Times.

A map and analysis of all confirmed cases of the virus in the U.S. is available at the New York Times.

U.S. and worldwide maps tracking the spread of the pandemic are available at the Washington Post.

A state-by-state guide to lockdown measures and reopenings is provided by the New York Times.

Latest updates on the pandemic at the Guardian.