Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.
The latest advisory comes from CISA, the FBI and the NSA, and it provides TTPs, detection actions, incident response guidance, and mitigations for both IT and OT asset owners.
While the advisory does not seem to provide any new information, it has been described as a “good historical digest especially for those new to the topic” by Robert Lee, CEO and co-founder of industrial cybersecurity firm Dragos.
The advisory summarizes the older and more recent vulnerabilities exploited by Russian threat actors, as well as some of their high-profile operations. Examples of attacks include theft of data from government organizations and aviation networks, and operations aimed at industrial control systems (ICS) in the energy sector.
The advisory also reminds readers that the U.S. State Department is offering rewards of up to $10 million for information on state-sponsored hackers who have launched attacks on critical infrastructure.
“CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting,” the advisory reads.
Some cybersecurity professionals believe the advisory may be related to the heightened tensions between the U.S. and Russia.
“It doesn’t take a huge analytic leap to assess that this advisory is likely tied to the tensions over the potential Russian invasion of Ukraine,” Adam Flatley, director of threat intelligence at Redacted, told SecurityWeek.
“It will be important for U.S. organizations, especially the critical infrastructure vertical, to pay extra attention to cybersecurity in order to mitigate Russia’s retaliatory options, should the U.S. ‘act decisively’ in response to an invasion as the Biden administration has promised. In times of heightened tensions, U.S. companies should monitor for threats on heightened alert, review and update incident response plans and patching regimes, and ensure that everyone who has a role in an incident clearly understands their responsibilities in case of a crisis,” Flatley added.
Rick Holland, CISO and VP of strategy at Digital Shadows, also believes we can expect Russian threat groups to increase their operations if the conflict over Ukraine escalates.
“Cyberspace has become a key component of geopolitics,” Holland said. “Russian APT groups aren’t at the top of the threat model for all companies, unlike the critical infrastructure providers mentioned in the alert, but could end up being collateral damage.”