The US warns of Russian cyber-operations against critical infrastructure
The warning comes amidst strained relations between the US and Russia over security concerns in Europe.
The FBI, the NSA, and CISA warned the cybersecurity community to adopt a ‘heightened state of awareness,’ especially concerning the defense of critical infrastructure.
The warning states that Russian state-sponsored advanced persistent threat (APT) actors commonly use time-tested tactics such as spearphishing, brute force, and exploiting known vulnerabilities.
“Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware,” reads the advisory.
The advisory also credits Russian state-sponsored actors with maintaining persistent, undetected, long-term access in compromised on-premises and cloud environments.
According to the advisory, Russian state-sponsored operations against critical infrastructure have specifically targeted operational technology (OT) and industrial control systems (ICS) with destructive malware.
The critical infrastructure that Russian APT actors target includes the Defense Industrial Base, Healthcare and Public Health, Energy, Telecommunications, and Government Facilities sectors.
The FBI, the NSA, and CISA list three key examples of Russian state-sponsored hackers targeting critical infrastructure.
From September 2020 through December 2020, Russian state-sponsored APT actors targeted state, local, tribal, and territorial (SLTT) governments and aviation networks.
According to the advisory, from 2011 through 2018 Russian threat actors conducted a multi-stage intrusion campaign in which they gained remote access to US and international energy sector networks, deployed ICS-focused malware, and collected and exfiltrated data.
Another notable attempt to tamper with critical infrastructure came in 2015-2016, when Russian APT actors carried out a large-scale cyberattack against Ukrainian energy distribution companies. The attack resulted in unplanned power outages for the affected companies' customers.
The agencies advise US critical infrastructure organizations to implement robust log collection and retention practices and to look for behavioral evidence as well as network- and host-based artifacts of intrusion; without retained logs, the long-lived, low-noise access described above is very hard to reconstruct after the fact.
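One small illustration of the "behavioral evidence" the agencies have in mind, written for this article as an added example (it is not code from the advisory or from any of the three agencies): the brute-force and password-spraying activity named above leaves a pattern in ordinary authentication logs, but only if the logs are kept long enough to see the burst and any successful login that follows it. The script below parses constructed, made-up sshd log lines (the hostnames, usernames and documentation-range IP addresses are invented, not real indicators), groups failures by source address over a sliding time window, separates a brute-force run against one account from a spray across many accounts, and flags a success from the same source after a burst, which is the host-based artifact most worth chasing. Thresholds and window size are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample of syslog-style sshd output (hostnames, users and IPs are made up).
SAMPLE_LOG = """\
Jan 10 03:14:01 bastion sshd[2201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:14:03 bastion sshd[2203]: Failed password for root from 203.0.113.5 port 51235 ssh2
Jan 10 03:14:05 bastion sshd[2205]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 03:14:08 bastion sshd[2207]: Failed password for root from 203.0.113.5 port 51237 ssh2
Jan 10 03:14:11 bastion sshd[2209]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jan 10 03:14:15 bastion sshd[2211]: Failed password for root from 203.0.113.5 port 51239 ssh2
Jan 10 03:15:02 bastion sshd[2213]: Accepted password for root from 203.0.113.5 port 51240 ssh2
Jan 10 03:20:00 bastion CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 10 04:01:10 bastion sshd[2401]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Jan 10 04:01:40 bastion sshd[2403]: Failed password for operator from 198.51.100.7 port 40002 ssh2
Jan 10 04:02:10 bastion sshd[2405]: Failed password for invalid user scada from 198.51.100.7 port 40003 ssh2
Jan 10 04:02:40 bastion sshd[2407]: Failed password for backup from 198.51.100.7 port 40004 ssh2
Jan 10 04:03:10 bastion sshd[2409]: Failed password for invalid user test from 198.51.100.7 port 40005 ssh2
Jan 10 09:30:00 bastion sshd[3001]: Failed password for alice from 192.0.2.9 port 50000 ssh2
Jan 10 09:30:09 bastion sshd[3003]: Accepted password for alice from 192.0.2.9 port 50000 ssh2
"""

# Matches the two sshd password-auth outcomes; "invalid user" is optional noise before the name.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


@dataclass
class Event:
    ts: datetime
    outcome: str  # "Failed" or "Accepted"
    user: str
    ip: str


def parse_auth_log(text):
    """Turn raw log text into Event objects; lines that are not sshd auth results are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # cron, sudo, etc. are not relevant here
        # syslog has no year; strptime defaults to 1900, which is fine for relative windows
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append(Event(ts, m["outcome"], m["user"], m["ip"]))
    return events


def detect_credential_attacks(events, window_s=600, fail_threshold=5, spray_users=3):
    """Per source IP, find the densest burst of failures inside window_s seconds.

    A burst of >= fail_threshold failures is reported; it is labelled password
    spraying when it spans >= spray_users distinct accounts, brute force otherwise.
    Any accepted login from the same IP at or after the burst is attached to the finding.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        failures = [e for e in evs if e.outcome == "Failed"]

        # Sliding window: keep [start, end] within window_s and remember the largest count.
        start, best = 0, None
        for end in range(len(failures)):
            while (failures[end].ts - failures[start].ts).total_seconds() > window_s:
                start += 1
            count = end - start + 1
            if count >= fail_threshold and (best is None or count > best[0]):
                best = (count, start, end)
        if best is None:
            continue  # a lone typo (one failure then success) is not reported

        count, start, end = best
        burst = failures[start:end + 1]
        users = {e.user for e in burst}
        kind = "password_spraying" if len(users) >= spray_users else "brute_force"
        success = next((e for e in evs if e.outcome == "Accepted" and e.ts >= burst[-1].ts), None)
        findings.append({
            "ip": ip,
            "kind": kind,
            "failures": count,
            "users": sorted(users),
            "success_after": success.user if success else None,
        })
    return findings


def run_demo():
    """Parse the constructed sample and return the findings (also printed when run directly)."""
    return detect_credential_attacks(parse_auth_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['ip']}: {f['kind']}, {f['failures']} failures, users={f['users']}, "
              f"success_after={f['success_after']}")
```

On the sample, the first source is reported as a brute-force run against root that ended in an accepted login, which should be treated as a probable compromise of that account rather than as noise; the second is reported as a spray across five accounts with no success; the user who mistyped a password once is not reported at all. The same per-source, per-window logic applies unchanged to VPN, RDP or cloud sign-in logs once the parser is swapped, which is why retaining those logs matters as much as collecting them.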
US-Russia relations have been tense on the cyber front for the past year.
In December 2020, the SolarWinds supply chain attack made the headlines when a Russian cyberespionage group tampered with updates for SolarWinds’ Orion Network Management products that the IT company provides to government agencies, military, and intelligence offices.
Later, in 2021, ransomware groups believed to operate out of Russia hit several US critical infrastructure operators.