A joint cybersecurity advisory was issued this week by U.S. intelligence and security agencies and their international partners, providing a comprehensive overview of Russian state-sponsored and criminal cyber threats to critical infrastructure.
This focus on Russia produced the most extensive review of the nation’s capacity as a cyber threat since its invasion of Ukraine began in February. Now, agencies like the Cybersecurity and Infrastructure Security Agency (CISA) in the United States, along with the Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA) say that Russian services could pose a danger to organizations both within and beyond Ukraine.
“We know that malicious cyber activity is part of the Russian playbook,” CISA Director Jen Easterly said. “We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure. Today’s cybersecurity advisory released jointly by CISA and our interagency and international partners reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cyber-criminal groups to our Homeland. We urge all organizations to review the guidance in this advisory as well as visit www.cisa.gov/shields-up for continually updated information on how to protect yourself and your business.”
The advisory recommended that public and private organizations begin to protect their networks through measures such as:
- Patching of known exploited vulnerabilities
- Multifactor authentication
- Monitoring remote desktop protocol (RDP)
- End-user awareness and training
Further, the advisory offered technical details on cyber operations undertaken by the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM), along with certain Russian-aligned cyber threat groups and cybercriminal organizations. Some of these groups have openly threatened retaliation for perceived slights or cyber offensives against Russia or, more generally, threatened to attack countries and organizations supporting Ukraine.
“Cyberattacks have evolved and increased in scale and severity over recent years, with the criminal groups behind them targeting the critical infrastructure of countries around the world,” Rob Jones, NCA Director General for Cyber, said. “The NCA leads the UK law enforcement response to this threat, working with a range of international partners to investigate cybercriminals and disrupt the services they rely on. It is vital that organizations help bolster this response by enhancing cyber resilience and reporting any incidents of cybercrime to the authorities to allow timely mitigation of further attacks.”