Five Eyes Agencies Warn Critical Infrastructure Orgs About Risk of Russian State-Sponsored and Criminal Cyberattacks

The Five Eyes cybersecurity agencies have just released a joint security advisory on the threat of cyberattacks against critical infrastructure by Russian nation-state threat actors and pro-Russia cybercriminal groups.

Intelligence obtained by the agencies indicates that the Russian government has been exploring options for cyberattacks on targets in the West, in retaliation for the sanctions imposed on Russia and the support being provided to Ukraine. The agencies say that Russian state-sponsored hacking groups have been conducting Distributed Denial of Service (DDoS) attacks in Ukraine and are known to have deployed dangerous malware against government and critical infrastructure organizations there. These hacking groups are highly skilled: they can gain access to IT networks, maintain persistence, exfiltrate sensitive data, and cause serious disruption to critical systems, including industrial control systems.

The alert identifies a few Russian government and military groups that have been involved in these malicious activities: the Russian Foreign Intelligence Service (SVR), the Russian Federal Security Service (FSB), the Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM), and the Russian General Staff Main Intelligence Directorate (GRU).

The FSB is known to have carried out cyber operations against the energy sector, including businesses in the US and UK, as well as private sector organizations, cybersecurity organizations, and others, and has engaged cybercriminal hackers to perform espionage-focused activities. The SVR has conducted targeted attacks on critical infrastructure organizations and is known for sophisticated attacks that use stealthy intrusion tradecraft. The GRU has targeted a range of critical infrastructure organizations, and the TsNIIKhM has a track record of attacks on foreign firms and government organizations.

Many cybercriminal groups have openly voiced their support for Russia and have threatened to carry out cyberattacks on organizations identified as having conducted cyber offensives against the Russian government or the Russian people. These cybercriminal groups are considered a threat to all critical infrastructure organizations, including healthcare. They primarily carry out DDoS attacks, along with extortion and ransomware attacks.

The cybersecurity agencies have told all critical infrastructure organizations to take action to prepare for and mitigate cyberattacks. The advisory provides detailed information on the cyber threat actors and state-sponsored hacking groups of concern, along with guidance on preparing for and mitigating cyber threats.