Share this article on:
The five eyes cybersecurity agencies have recently issued a joint security alert warning about the threat of cyberattacks on critical infrastructure by Russian nation-state threat actors and pro-Russia cybercriminal groups.
Intelligence gathered by the agencies indicates the Russian government has been exploring opportunities for conducting cyberattacks against targets in the West in retaliation for the sanctions imposed on Russia and the support being provided to Ukraine. The agencies warn that Russian state-sponsored hacking groups have been conducting Distributed Denial of Service (DDoS) attacks in Ukraine and are known to have used destructive malware in Ukraine on government and critical infrastructure organizations. These hacking groups are highly skilled, can gain access to IT networks, maintain persistence, exfiltrate sensitive data, and can cause major disruption to critical systems, including industrial control systems.
The alert names several Russian government and military organizations that have engaged in these malicious activities, including the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and the Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM).
The FSB is known to have conducted cyber operations against the Energy Sector, including companies in the US and UK, private sector organizations, cybersecurity companies, and others, and has engaged cybercriminal hackers and tasked them with conducting espionage-focused activities. The SVR has conducted targeted attacks on critical infrastructure organizations and is known for conducting sophisticated attacks using stealthy intrusion tradecraft. The GRU has targeted a range of critical infrastructure organizations, and the TsNIIKhM has a history of conducting attacks on foreign companies and government organziations.
Several cybercriminal groups have publicly voiced their support for Russia and have threatened to conduct cyberattacks on organizations that are perceived to have conducted cyber offensives against the Russian government or the Russian people. These cybercriminal groups are thought to pose a threat to all critical infrastructure organizations, including healthcare. They primarily conduct DDoS attacks with extortion and ransomware attacks.
The cybersecurity agencies have urged all critical infrastructure entities to take steps to prepare for and mitigate cyberattacks. The alert provides detailed information on threat actors and state-sponsored hacking groups of concern and recommendations for preparing for and mitigating cyber threats.