Security Experts:

Connect with us

Hi, what are you looking for?



U.S. Issues Fresh Warning Over Russian Cyber Threats as Ukraine Tensions Mount

Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.

Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.

The latest advisory comes from CISA, the FBI and the NSA, and it provides TTPs, detection actions, incident response guidance, and mitigations for both IT and OT asset owners.

While the advisory does not seem to provide any new information, it has been described as a “good historical digest especially for those new to the topic” by Robert Lee, CEO and co-founder of industrial cybersecurity firm Dragos.

The advisory summarizes the older and more recent vulnerabilities exploited by Russian threat actors, as well as some of their high-profile operations. Examples of attacks include theft of data from government organizations and aviation networks, and operations aimed at industrial control systems (ICS) in the energy sector.

The advisory also reminds readers that the U.S. State Department is offering rewards of up to $10 million for information on state-sponsored hackers who have launched attacks on critical infrastructure.

“CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting,” the advisory reads.

Some cybersecurity professionals believe the advisory may be related to the heightened tensions between the U.S. and Russia.

“It doesn’t take a huge analytic leap to assess that this advisory is likely tied to the tensions over the potential Russian invasion of Ukraine,” Adam Flatley, director of threat intelligence at Redacted, told SecurityWeek.

“It will be important for U.S. organizations, especially the critical infrastructure vertical, to pay extra attention to cybersecurity in order to mitigate Russia’s retaliatory options, should the U.S. ‘act decisively’ in response to an invasion as the Biden administration has promised. In times of heightened tensions, U.S. companies should monitor for threats on heightened alert, review and update incident response plans and patching regimes, and ensure that everyone who has a role in an incident clearly understands their responsibilities in case of a crisis,” Flatley added.

Rick Holland, CISO and VP of strategy at Digital Shadows, also believes we can expect Russian threat groups to increase their operations if the conflict over Ukraine escalates.

“Cyberspace has become a key component of geopolitics,” Holland said. “Russian APT groups aren’t at the top of the threat model for all companies, unlike the critical infrastructure providers mentioned in the alert, but could end up being collateral damage.”

Related: Russian Hackers Exploiting Recently Patched VMware Flaw, NSA Warns

Related: U.S. Cyber Command Shares More Russian Malware Samples

Related: CISA Warns of Threat Posed by Ransomware to Industrial Systems

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.