Global organisations issue joint advisory on Russian cyber threats

Share

Cyber security agencies across the world have issued a joint Cybersecurity Advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure that could impact organizations both within and beyond Ukraine.   

Cyber security experts have noticed an increased potential for cyber-attacks on critical infrastructures lately, which can cause serious impacts even for countries and organisations not directly targeted by the attacks. 

The CISA, along with the FBI, NSA, ACSC, CCCS, NZ NCSC, NCSC-UK and NCA and contributions from industry members of the Joint Cyber Defense Collaborative, have created the most comprehensive view of Russia’s cyber threat to global critical infrastructure that has been released by government cyber experts since the invasion of Ukraine in February 

The advisory provides technical details on malicious cyber operations by actors from the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM). 

It also includes details on Russian-aligned cyber threat groups and cybercrime groups, who have recently publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organizations providing materiel support to Ukraine.  

The advisory recommends several immediate actions for all organizations to take to protect their networks, which include:   

  • Prioritize patching of known exploited vulnerabilities;  
  • Enforce multi-factor authentication;  
  • Monitor remote desktop protocol (RDP); and  
  • Provide end-user awareness and training  

“We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyber attacks against U.S. critical infrastructure. Today’s cybersecurity advisory reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cyber-criminal groups to our Homeland,” said CISA Director Jen Easterly.  

“We urge all organizations to review the guidance in this advisory for continually updated information on how to protect yourself and your business.”   

 FBI Cyber Division’s Assistant Director Bryan Vorndran stated that the organisation was focused on exposing and disrupting malicious cyber activity by Russia against allies and its own networks. 

“We are working alongside our federal and international partners to quickly share information that helps the private industry as well as the public to better protect and defend their systems from these threats,” he said. 

“We will continue to investigate these malicious threat actors through our unique authorities and hold them accountable for their actions. We urge our partners and the public to report any suspicious activity.”  

Australian Cyber Security Centre’s Head Abigail Bradshaw said that the current cyber security climate shows that organisations to improve their cyber security posture, understand their critical systems and risks, and exercise readiness. 

“In particular, critical infrastructure organisations should act now to raise defences, not wait until being attacked,” she said.   

Because evolving intelligence have indicated that the Russian Government is exploring options for potential cyberattacks, cyber security authorities have provided this robust advisory with several resources and mitigations to help the cybersecurity community protect itself against possible cyber threats from these adversarial groups.  

All organizations should also share information about incidents and unusual cyber activity with their respective cybersecurity authorities. When cyber incidents are reported quickly, it can contribute to stopping further attacks. 

Source: Australian Cyber Security Centre