WASHINGTON – The United States and allied cybersecurity authorities issued a joint Cybersecurity Advisory today on the increased threat of Russian cyber groups targeting critical infrastructure that could impact organizations both within and beyond the Ukraine region. The Cybersecurity and Infrastructure Security Agency (CISA) authored “Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure” in partnership with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA), and with contributions from industry members of CISA’s Joint Cyber Defense Collaborative.
The advisory provides technical details on malicious cyber operations by actors from the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM). It also includes details on Russian-aligned cyber threat groups and cybercrime groups. Some of these cybercrime groups have recently publicly pledged support for the Russian government or people and have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organizations providing materiel support to Ukraine.
The advisory recommends several immediate actions for all organizations to take to protect their networks, which include:
- Prioritize patching of known exploited vulnerabilities
- Enforce multifactor authentication
- Monitor remote desktop protocol (RDP) and
- Provide end-user awareness and training
“Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups,” said CISA Director Jen Easterly. “We know that malicious cyber activity is part of the Russian playbook, which is why every organization – large and small – should take action to protect themselves during this heightened threat environment. We urge all critical infrastructure owners and operators as well as all organizations to review the guidance in this advisory as well as visit www.cisa.gov/shields-up for regular updated information to protect yourself and your business.”
“Threats to critical infrastructure remain very real,” said Rob Joyce, NSA Cybersecurity Director. “The Russia situation means you must invest and take action.”
“Russia has significant cyber capabilities and a demonstrated history of using them irresponsibly, and state-sponsored malicious cyber activity is a real risk to organizations around the world,” said Sami Khoury, Head, Canadian Centre for Cyber Security. “By joining alongside our partners in releasing today’s joint advisory, the Communications Security Establishment and its Canadian Centre for Cyber Security continue to support making threat information more publicly available, while providing specific advice and guidance to help protect against these kinds of risks.”
“In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures,” said Lindy Cameron, NCSC CEO. “It is vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets. The NCSC continues to collaborate with our international and law enforcement partners to provide organisations with timely actionable advice to give them the best chance of preventing cyber attacks, wherever they come from.”
Because evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks, the cybersecurity authorities are providing this robust advisory with several resources and mitigations that can help the cybersecurity community protect against possible cyber threats from these adversarial groups. Executives, leaders, and network defenders are urged to implement recommendations to prepare for and mitigate the varied cyber threats listed in the Cybersecurity Advisory.
This advisory provides immediate actions defenders can take to prepare their information technology (IT) and operational technology (OT) networks against exploitation or destructive operations. It also includes general best practices for keeping networks secure and responding to cyber incidents.
NSA and its partners have assessed there is an increased threat and encourage vigilance as critical infrastructure networks could be targeted with destructive malware, distributed denial-of-service (DDoS), ransomware attacks, and cyber espionage.