Cybersecurity Advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Apr 27, 2022 | Your Source

The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA), with contributions from industry members of the Joint Cyber Defense Collaborative, announced a joint Cybersecurity Advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure that could impact organizations both within and beyond Ukraine. It is the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.

The advisory provides technical details on malicious cyber operations by actors from the:  

  • Russian Federal Security Service (FSB), 
  • Russian Foreign Intelligence Service (SVR), 
  • Russian General Staff Main Intelligence Directorate (GRU), and 
  • Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM). 

It also includes details on Russian-aligned cyber threat groups and cybercrime groups. Some of these cybercrime groups have recently publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organizations providing materiel support to Ukraine.  

The advisory recommends several immediate actions for all organizations to take to protect their networks, which include:

  • Prioritize patching of known exploited vulnerabilities;
  • Enforce multifactor authentication;
  • Monitor remote desktop protocol (RDP); and
  • Provide end-user awareness and training.

Because evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks, the cybersecurity authorities are providing this robust advisory with several resources and mitigations that can help the cybersecurity community protect against possible cyber threats from these adversarial groups. Executives, leaders, and network defenders are urged to implement recommendations to prepare for and mitigate the varied cyber threats listed in the Cybersecurity Advisory here. This advisory updates the joint CSA “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.”

In addition to reviewing this new advisory, CISA encourages critical infrastructure executives and senior leaders to review our “Shields Up” webpage at  Also, organizations should share information on incidents and unusual activity with CISA’s 24/7 Operations Center at or (888) 282-0870 and/or with the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or
