Further developments in the Incontroller/Pipedream industrial control system threat. Conti claims responsibility for the Nordex hack. The half-a-billion stolen from Ronin went to the Lazarus Group. And indictments in an influence ops case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/73 Selected reading. Ukraine war: Russia threatens to step up attacks on Kyiv (BBC News)  Live Updates: Russia Sets Stage for Battle to Control Ukraine’s East (New York Times) Russian Troops Risk Repeating Blunders If They Try for May 9 Win (Bloomberg)  Why Putin may be aiming to declare victory over Ukraine on May 9 (Fortune)  What Victory Day means for Russian identity (Washington Post)  Spy games: expulsion of diplomats shines light on Russian espionage (the Guardian) Finland and Sweden pursue unlinked NATO membership (Defense News) What Finland Can Offer NATO (Foreign Policy) U.S. warns energy firms of a rapidly advancing hacking threat (E&E News)  Wind turbine firm Nordex hit by Conti ransomware attack (BleepingComputer)  Karakurt revealed as data extortion arm of Conti cybercrime syndicate (BleepingComputer) Threat Spotlight: Conti Ransomware Group Behind the Karakurt Hacking Team (Infinitum) US agency attributes $540 million Ronin hack to North Korean APT group (The Record by Recorded Future) North Korea Designation Update (U.S. Department of the Treasury)  Russian legislator, staff accused of trying to influence US lawmakers: DOJ (Newsweek)  Russian Legislator and Two Staff Members Charged with Conspiring to Have U.S. Citizen Act as an Illegal Agent of the Russian Government in the United States (US Department of Justice) Learn more about your ad choices. Visit megaphone.fm/adchoices