Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

U.S. Issues Fresh Warning Over Russian Cyber Threats as Ukraine Tensions Mount

Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.

Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.

The latest advisory comes from CISA, the FBI and the NSA, and it provides TTPs, detection actions, incident response guidance, and mitigations for both IT and OT asset owners.

While the advisory does not seem to provide any new information, it has been described as a “good historical digest especially for those new to the topic” by Robert Lee, CEO and co-founder of industrial cybersecurity firm Dragos.

The advisory summarizes the older and more recent vulnerabilities exploited by Russian threat actors, as well as some of their high-profile operations. Examples of attacks include theft of data from government organizations and aviation networks, and operations aimed at industrial control systems (ICS) in the energy sector.

The advisory also reminds readers that the U.S. State Department is offering rewards of up to $10 million for information on state-sponsored hackers who have launched attacks on critical infrastructure.

“CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting,” the advisory reads.

Some cybersecurity professionals believe the advisory may be related to the heightened tensions between the U.S. and Russia.

“It doesn’t take a huge analytic leap to assess that this advisory is likely tied to the tensions over the potential Russian invasion of Ukraine,” Adam Flatley, director of threat intelligence at Redacted, told SecurityWeek.

“It will be important for U.S. organizations, especially the critical infrastructure vertical, to pay extra attention to cybersecurity in order to mitigate Russia’s retaliatory options, should the U.S. ‘act decisively’ in response to an invasion as the Biden administration has promised. In times of heightened tensions, U.S. companies should monitor for threats on heightened alert, review and update incident response plans and patching regimes, and ensure that everyone who has a role in an incident clearly understands their responsibilities in case of a crisis,” Flatley added.

Rick Holland, CISO and VP of strategy at Digital Shadows, also believes we can expect Russian threat groups to increase their operations if the conflict over Ukraine escalates.

“Cyberspace has become a key component of geopolitics,” Holland said. “Russian APT groups aren’t at the top of the threat model for all companies, unlike the critical infrastructure providers mentioned in the alert, but could end up being collateral damage.”

Related: Russian Hackers Exploiting Recently Patched VMware Flaw, NSA Warns

Related: U.S. Cyber Command Shares More Russian Malware Samples

Related: CISA Warns of Threat Posed by Ransomware to Industrial Systems

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.