Cybersecurity and Infrastructure Security Agency (CISA) officials said the agency has joined a pair of government entities in releasing a Cybersecurity Advisory (CSA) providing an overview of Russian cyber operations.
Authorities indicated CISA joined the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) in the notification effort, detailing commonly observed Russian tactics, techniques, and procedures.
CSA has provided detection actions, incident response guidance, and mitigations, with the three agencies collaborating to aid the cybersecurity community in reducing the risk presented by Russian state-sponsored cyber threats.
The agencies are urging critical infrastructure network defenders to adopt a heightened state of awareness and conduct proactive threat hunting while implementing the mitigations identified in the CSA.
Mitigation efforts that CISA, the FBI, and NSA encourage include confirming reporting processes and minimizing personnel gaps in IT / OT security coverage; adhering to best practices for identifying and accessing management, protective controls and architecture, and vulnerability and configuration management; and remaining current with regard to reporting threats while subscribing to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.
The entities said organizations are also encouraged to review CISA’s Preparing for and Mitigating Cyber Threats for information that will reduce cyber threats.