US and Allies Warn of Russian Hacking Threat to Critical Infrastructure
Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine’s borders.
The warning comes from cybersecurity agencies in the United States, Australia, Canada, New Zealand, and the United Kingdom in a joint cybersecurity advisory with information on Russian state-backed hacking operations and Russian-aligned cybercrime groups.
“Critical infrastructure organizations should maintain a heightened state of alert against Russian cyber threats. Stay vigilant and follow the mitigations from our joint advisory to harden your IT and OT networks now,” the NSA warned today.
“Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups,” added CISA Director Jen Easterly.
Recommended actions to protect networks against attacks
The Five Eyes cybersecurity agencies recommend measures that critical infrastructure organizations should take to harden their defenses and protect their information technology (IT) and operational technology (OT) networks against Russian state-sponsored and criminal cyber threats, including ransomware, destructive malware, DDoS attacks, and cyber espionage.
Defenders are advised to immediately prioritize patching actively exploited vulnerabilities, enforce multifactor authentication, secure and monitor remote desktop protocol (RDP), and provide end-user awareness and training.
Today’s joint advisory builds upon a similar one issued in January by the FBI, CISA, and NSA, exposing Russian hacking groups (including APT29, APT28, and the Sandworm Team) that have targeted organizations in US critical infrastructure sectors.
At the time, the US agencies urged critical infrastructure organizations to prepare for attacks orchestrated by Russian-backed hacking groups and advised US critical infrastructure defenders to focus on detecting potential Russian-linked APT activity by enforcing robust log collection and retention.
Russian APTs targeting orgs in the US and worldwide
These two advisories follow a May 2021 NCSC(UK)-CISA-FBI-NSA joint security advisory that asked network defenders to patch their systems fast enough to keep pace with the speed at which Russian-sponsored SVR hackers (aka APT29) change targets in their attacks.
That warning came after US and UK governments attributed the SolarWinds supply-chain attack and attacks against COVID-19 vaccine developers to APT29 cyber-espionage efforts.
The same day, NSA, CISA, and the FBI shared information on the top five security vulnerabilities exploited in SVR attacks against US interests.
In a fourth joint advisory published one year ago, the FBI, DHS, and CIA alerted US organizations to continued attacks by Russian SVR government hackers against both US and foreign entities.
The US government is also offering a reward of up to $10 million for information on malicious cyber activities conducted by state-backed hacking groups targeting the country’s critical infrastructure sectors.