
US gov issues fresh warning over Russian threat to critical infrastructure

The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks

Cyber security specialists at the US government have warned critical infrastructure network defenders to "adopt a heightened state of awareness" against Russian state-sponsored cyber attacks.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) issued a joint advisory on Tuesday providing an overview of the tactics and techniques commonly used by Russian state-backed threat actors, so that the security community can take a more proactive stance on threat hunting.

The trio of federal agencies said these Russian hackers typically exploit flaws in popular enterprise products, listing known issues in products including Cisco routers (CVE-2019-1653), Oracle WebLogic (CVE-2020-14882), Citrix (CVE-2019-19781), Pulse Secure (CVE-2019-11510), and Microsoft Exchange (CVE-2020-0688).

"Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware," the joint advisory reads. "The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments - including cloud environments - by using legitimate credentials.

"In some cases, Russian state-sponsored cyber operations against critical infrastructure organisations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware."

Organisations are recommended to apply a range of mitigations to ensure functional resilience and lower the risk of compromise. These include measures such as confirming reporting processes, minimising personnel gaps in security coverage, following industry best practices for identity and access management, and proactively monitoring threat feeds for patches.

Because Russian threat actors have a history of lingering undetected in networks for long periods, the FBI, NSA and CISA also recommend that all critical infrastructure organisations implement robust log collection and retention to aid incident investigations, and proactively look for behavioural irregularities such as password spray attempts and the use of compromised credentials.
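The two irregularities the agencies name, password spraying and subsequent use of a credential the spray turned up, are the kind of thing retained authentication logs make detectable. The following is an added example, not code from the article or the joint advisory: a small detector run over a constructed set of authentication log lines. The log format, field names, the ten-minute window and the five-account threshold are all assumptions; the point is that a spray shows up as breadth (one source failing against many distinct accounts), not as repeated failures against one account, which lockout policies already catch.

```python
# Added example (not from the IT Pro article or the joint advisory): a small
# password-spray detector run over constructed authentication log lines.
# The log format, field names, window and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: timestamp, source IP, username, outcome.
# 203.0.113.5 fails once against six different accounts, then succeeds on a
# seventh; 198.51.100.7 is an ordinary user mistyping their own password.
SAMPLE_LOG = """\
2022-01-11T09:00:01Z 203.0.113.5 alice FAIL
2022-01-11T09:00:03Z 203.0.113.5 bob FAIL
2022-01-11T09:00:05Z 203.0.113.5 carol FAIL
2022-01-11T09:00:07Z 203.0.113.5 dave FAIL
2022-01-11T09:00:09Z 203.0.113.5 erin FAIL
2022-01-11T09:00:11Z 203.0.113.5 frank FAIL
2022-01-11T09:00:13Z 203.0.113.5 grace SUCCESS
2022-01-11T09:05:00Z 198.51.100.7 alice FAIL
2022-01-11T09:05:02Z 198.51.100.7 alice FAIL
2022-01-11T09:05:04Z 198.51.100.7 alice SUCCESS
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, src_ip, user, outcome)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, outcome))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {src_ip: sorted distinct accounts} for every source whose failed
    logins touch at least `min_accounts` distinct usernames inside one sliding
    window. Repeat failures against a single account never trip this rule."""
    fails = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            fails[src].append((ts, user))

    alerts = {}
    for src, items in fails.items():
        items.sort()
        best = set()
        start = 0
        for end in range(len(items)):
            # Advance the window start until the span fits inside `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            users = {u for _, u in items[start:end + 1]}
            if len(users) >= min_accounts and len(users) > len(best):
                best = users
        if best:
            alerts[src] = sorted(best)
    return alerts


def successes_after_spray(events, alerts):
    """Flag successful logins from a spraying source: the credential that worked
    is the one to treat as compromised and reset."""
    return sorted({(src, user) for _, src, user, outcome in events
                   if outcome == "SUCCESS" and src in alerts})


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    found = detect_password_spray(evts)
    for src, users in found.items():
        print(f"spray from {src}: {len(users)} accounts {users}")
    for src, user in successes_after_spray(evts, found):
        print(f"likely compromised credential: {user} (success from {src})")
```

In a real deployment the source key would usually be an IP range, ASN or a cloud tenant's sign-in source rather than a single address, since sprays are routinely spread across many egress IPs; the breadth-over-a-window logic stays the same, and the "success from a spraying source" join is what turns a noisy spray alert into an actionable account reset.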

The trio of agencies also highlighted a number of recent incidents in which Russian state-sponsored hackers were found to have attacked local governments and critical infrastructure.

From September 2020 to "at least" December 2020, Russian attackers targeted "dozens" of state, local, tribal, and territorial governments, as well as aviation networks, succeeding in extracting data from multiple victims.

They also pointed to Russia's intrusion campaign against the US energy sector between 2011 and 2018, in which the attackers deployed malware specially crafted for critical infrastructure environments and stole data related to the industry.


"When the FBI, CISA and NSA team up to issue a joint alert about Russian state-sponsored APTs, every security team on the planet needs to sit up and take notice," said Dr Süleyman Özarslan, co-founder of Picus Security to IT Pro. "This alert highlights the seriousness and prevalence of ongoing malicious cyber operations by Russian state-sponsored APT actors. It should also be of great assistance to the cybersecurity community in reducing the risk posed by these threats."

The advisory comes as US officials join Russia's representatives in Geneva to discuss Russia's potential invasion of Ukraine, a country which was also on the receiving end of Russian hackers targeting critical infrastructure between 2015 and 2016, the advisory noted.

Cyber security expert and former CISA director Chris Krebs suggested the timing of the advisory's publication could be interpreted as a warning to US organisations to prepare for the Geneva talks to go south, which, after eight hours of discussions, they reportedly have.
