US government agencies are warning the public of an expected increase in cyberattacks from hackers affiliated with the Russian government.
CISA has joined the National Security Agency (NSA) and the Department of Justice (DOJ) in an advisory detailing the threats posed by Russian hacking groups – both state-sponsored advanced persistent threat (APT) groups and private cybercrime gangs that support Russia's invasion of Ukraine. The advisory warned that organizations in Ukraine as well as outside the region, including the United States, could see “increased malicious cyber activity”.
“This activity may occur in response to the unprecedented economic costs imposed on Russia as well as the material support provided by the United States and its American allies and partners,” the advisory said.
The other four members of the “Five Eyes” intelligence network also signed the joint notice: the United Kingdom, New Zealand, Australia and Canada.
Most notably, the advisory addresses for the first time the issue of private cybercriminal hacking groups working directly with or acting on behalf of the Kremlin as Russia continues to attempt to disrupt communications in Ukraine as part of vigilante-style hacking.
“Since Russia’s invasion of Ukraine in February 2022, some cybercriminal groups have publicly and independently pledged to support the Russian government or the Russian people and/or have threatened to conduct retaliatory cyber operations against alleged attacks on Russia or material support for Ukraine,” the notice read. “These Russian-aligned cybercrime groups likely pose a threat to critical infrastructure organizations.”
While it has long been known in security circles that individual members of prominent cybercrime teams such as the Conti ransomware gang pledge their services on behalf of Russia, governments have largely focused more on threats from state-sponsored hackers who worked directly with the Kremlin and agencies such as the Russian Federal Security Service (FSB).
Meanwhile, the threat of hackers directly tied to Russian government agencies such as the FSB continues to loom over organizations based in countries that have shown support for Ukraine.
The advisory reiterated the long-held belief among US government agencies that Russia is preparing to launch a number of major cyberattacks against targets in the United States and Europe with the aim of disrupting critical infrastructure industries. President Biden warned against such attacks in March.
“Russian state-sponsored cyber actors have demonstrated the ability to compromise computer networks; develop mechanisms to maintain long-term persistent access to computer networks; exfiltrate sensitive data from computer and operational technology (OT) networks; and to disrupt critical industrial control systems (ICS)/OT functions by deploying destructive malware,” the joint advisory read.
Intelligence agencies are once again advising administrators and executives to adopt some of the best practices for securing their networks from attack. In addition to basic measures such as patching systems and security awareness training for end users, administrators are encouraged to enforce multi-factor authentication and block or closely monitor the use of remote access protocols such as RDP.