US Federal Agencies Warn Critical Infrastructure Organizations of Cyber Threats From Russian Hackers

The Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency on Tuesday issued a joint cybersecurity advisory warning critical infrastructure organizations of cyber threats from Russian state-sponsored hackers in an effort to help reduce the risks posed by such threats.

“Historically, Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks,” the advisory reads.

Officials listed a string of known vulnerabilities exploited by suspected Russian hacking groups in the past.

“Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware,” officials said. “The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments—including cloud environments—by using legitimate credentials.”

Officials said that in some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have “specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware” and listed a string of malware used in such attacks.

The agencies noted that hackers have targeted “state, local, tribal, and territorial (SLTT) governments and aviation networks” from September 2020, through at least December 2020 and were able to successfully infiltrate networks and get their hands on data from multiple victims.

Through 2011 to 2018, Russian hackers were also able to remotely access U.S. and international energy sector networks where they deployed malware and collected ICS-related data.

Between 2015 and 2016, Russian state-sponsored APT actors conducted a cyberattack against Ukrainian energy distribution companies, officials said, which led to those companies experiencing unplanned power outages in December 2015.

“CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA,” the notice continues.

The agencies recommend that critical infrastructure organizations be prepared for such attacks by minimizing personnel gaps in the technologies used to protect people, assets, and information, creating and maintaining a cyber incident response plan, and reporting any such incidents to the Cybersecurity and Infrastructure Security Agency, among others.

“These mitigations will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation,” officials said.

The notice comes after U.S. and Russian negotiators concluded special talks on Monday which were aimed at deescalating ongoing tensions over Russia’s increased military presence along the Ukrainian border.

Despite several hours of talks in the Swiss city of Geneva, no major progress appeared to have been made.

“Unfortunately we have a great disparity in our principled approaches to this,” Russian Deputy Foreign Minister Sergei Ryabkov said during a news conference on Monday. “The U.S. and Russia in some ways have opposite views on what needs to be done.”

Ryabkov also stressed after the meeting that Moscow has no plans to invade Ukraine, despite growing concern among Western nations after Russian President Vladimir Putin reportedly amassed more than 100,000 soldiers near the border shared by the two nations, sparking concerns of a possible invasion. Russia has repeatedly denied the accusation.

From The Epoch Times