US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacks

Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure.

Cybersecurity agencies of the Five Eyes intelligence alliance (United States, Australia, Canada, New Zealand, and the United Kingdom) issued a joint advisory warning of cyber attacks on critical infrastructure conducted by Russia-linked threat actors and criminal cyber threats.

The alert warns organizations that Russia’s invasion of Ukraine could lead to spillover effect across Europe. Intelligence agencies state that the Russia-linked APT groups are exploring options for potential cyberattacks.

“Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.” read the advisory. “Additionally, some cybercrime groups have recently publicly pledged support for the Russian government.”

Cybersecurity agencies urge critical infrastructure network defenders to harden their systems to mitigate potential cyber threats. The joint advisory includes actions defenders can take to secure their information technology (IT) and operational technology (OT) networks, along with best practices for keeping networks secure and responding to cyber incidents.

• Actions recommended by the Five Eyes cybersecurity agencies to protect infrastructure against Russian
  state-sponsored and criminal cyber threats include:
• Patch all systems.
• Prioritize patching known exploited vulnerabilities.
• Enforce multifactor authentication.
• Secure and monitor remote desktop protocol and other risky services.
• Provide end-user awareness and training.

“Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups,” said CISA Director Jen Easterly. “We know that malicious cyber activity is part of the Russian playbook, which is why every organization – large and small – should take action to protect themselves during this heightened threat environment. We urge all critical infrastructure owners and operators as well as all organizations to review the guidance in this advisory as well as visit www.cisa.gov/shields-up for regular updated information to protect yourself and your business.”
 
“Threats to critical infrastructure remain very real,” said Rob Joyce, NSA Cybersecurity Director. “The Russia situation means you must invest and take action.”
 
“Russia has significant cyber capabilities and a demonstrated history of using them irresponsibly, and state-sponsored malicious cyber activity is a real risk to organizations around the world,” said Sami Khoury, Head, Canadian Centre for Cyber Security. “By joining alongside our partners in releasing today’s joint advisory, the Communications Security Establishment and its Canadian Centre for Cyber Security continue to support making threat information more publicly available, while providing specific advice and guidance to help protect against these kinds of risks.”
 
“In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures, said Lindy Cameron, NCSC CEO. “It is vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets. The NCSC continues to collaborate with our international and law enforcement partners to provide organisations with timely actionable advice to give them the best chance of preventing cyber attacks, wherever they come from.”

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Russia)

[adrotate banner=”5″]

[adrotate banner=”13″]