Federal agencies, international partners issue warning on Russian cyber threats

Three federal agencies and a number of international partners issued a joint advisory on Wednesday regarding Russian cyber threats targeting critical infrastructure that could affect “organizations both within and beyond Ukraine.”

The Cybersecurity and Infrastructure Security Agency (CISA) in a statement on Wednesday said the advisory is “the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.”

The advisory includes information regarding “malicious cyber operations” perpetrated by actors associated with the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU) and the Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics, according to CISA.

The agency said the advisory also includes information on Russia-associated cyber threat and cybercrime groups, some of which have recently expressed support for the Russian government.

Additionally, CISA said some of the cybercrime groups mentioned in the advisory “have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organizations providing material support to Ukraine.”

The federal agencies and international partners are recommending that organizations take a number of immediate actions to safeguard their networks, including emphasizing the treatment of known exploited vulnerabilities, enforcing multiple authentications, supervising remote desktop protocols and accommodating end-user awareness training.

CISA, the FBI and the National Security Agency signed on to the advisory, in addition to the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the National Cyber Security Centre New Zealand and the United Kingdom’s National Cyber Security Centre.

CISA Director Jen Easterly said the advisory “reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cyber-criminal groups to our Homeland.”

“We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure,” she added.

Wednesday’s advisory comes in the seventh week of Russia’s invasion of Ukraine, which began on Feb. 24. Last month the White House urged private organizations to strengthen their cyber defenses, pointing to intelligence that suggested the Russian government was looking into “options for potential cyberattacks” that take aim at U.S. critical infrastructure.

“To be clear, there is no certainty there will be a cyber incident on critical infrastructure,” White House deputy national security adviser for cyber and emerging technology Anne Neuberger told reporters during a briefing.

“So why am I here? Because this is a call to action and a call to responsibility for all of us,” she added.