West lists Russia-affiliated hackers, warns of attack on critical infrastructure

Moscow is believed to be exploring options for a potential cyberattack involving malware, DDoS attacks, and cyber espionage.

The Five Eyes, an intelligence-sharing alliance consisting of the US, UK, Australia, Canada, and New Zealand, issued a joint warning, claiming Russian state-sponsored actors, together with cyber gangs, might strike critical infrastructure in the West.

According to the warning, the Russians might employ cyberattacks in retaliation for the economic costs imposed on Russia in the wake of Moscow's war in Ukraine.

The cyber watchdogs of the five countries claim that cybercrime groups might work in tandem with state-sponsored actors. For example, Conti, a notorious ransomware gang, pledged allegiance to Vladimir Putin after Russian troops poured into Ukraine.

"These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people," reads the statement.

Cybercrime groups might conduct distributed denial-of-service (DDoS) attacks or use well-known extortion tactics to disrupt critical infrastructure facilities, potentially causing significant disruption to operations.

The past 24 months saw several ransomware attacks on vital facilities in the West. These attacks might have been carried out with the Kremlin's political goals in mind.

Together with several Russian state agencies, the advisory lists several criminal groups that might work on Russia's behalf: The CoomingProject, Killnet, MUMMY SPIDER, SALTY SPIDER, SCULLY SPIDER, SMOKEY SPIDER, WIZARD SPIDER, The Xaknet Team.

Recommended mitigation measures for businesses and organizations are included in the advisory.

Last week the US, together with security researchers, announced they'd found a new strain of malware that targets industrial control systems (ICS) and could disrupt critical infrastructure.

Government-backed hackers developed a custom-made tool, dubbed Pipedream or INCONTROLLER, that enables threat actors to scan for, compromise, and control affected devices once they're connected to the operational technology (OT) network.

Earlier this month, Ukraine announced its Computer Emergency Response Team (CERT-UA) successfully prevented Russian hackers from attacking the country's electrical grid with Industroyer2 malware.
