[CDP-development] Joint Cybersecurity Advisory: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure - TLP: WHITE
Masse, Theresa
theresa.masse at cisa.dhs.gov
Wed Apr 20 19:13:44 PDT 2022
FYSA
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a (TLP:WHITE) joint Cybersecurity Advisory: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure<https://www.cisa.gov/uscert/ncas/alerts/aa22-110a>. This CSA is intended to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity<https://www.cisa.gov/uscert/russia>. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see the March 21, 2022, Statement by U.S. President Biden<https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/> for more information). Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks<https://www.gov.uk/government/news/uk-assess-russian-involvement-in-cyber-attacks-on-ukraine>, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations<https://www.ncsc.gov.uk/news/russian-military-almost-certainly-responsible-destructive-2017-cyber-attack>.
Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.
This advisory updates joint CSA Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure<https://www.cisa.gov/uscert/ncas/alerts/aa22-011a>, and provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats.
For more information on Russian state-sponsored cyber activity, see CISA’s Russia Cyber Threat Overview and Advisories<https://www.cisa.gov/uscert/russia> webpage. For more information on the heightened cyber threat to critical infrastructure organizations, see the following resources:
* Cybersecurity and Infrastructure Security Agency (CISA) Shields Up<https://www.cisa.gov/shields-up> and Shields Up Technical Guidance<https://www.cisa.gov/uscert/shields-technical-guidance> webpages
* Australian Cyber Security Centre’s (ACSC) Advisory Australian Organisations Should Urgently Adopt an Enhanced Cyber Security Posture<https://www.cyber.gov.au/acsc/view-all-content/advisories/2022-02-australian-organisations-should-urgently-adopt-enhanced-cyber-security-posture>.
* Canadian Centre for Cyber Security (CCCS) Cyber Threat Bulletin Cyber Centre urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity<https://cyber.gc.ca/en/guidance/cyber-threat-bulletin-cyber-centre-urges-canadian-critical-infrastructure-operators-raise>
* National Cyber Security Centre New Zealand (NZ NCSC) General Security Advisory Understanding and preparing for cyber threats relating to tensions between Russia and Ukraine<https://www.ncsc.govt.nz/newsroom/gsa-2022-2940/>
* United Kingdom’s National Cyber Security Centre (NCSC-UK) guidance<https://www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences> on how to bolster cyber defences<https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened> in light of the Russian cyber threat
CISA Recommendation:
* Review the joint CSA<https://www.cisa.gov/uscert/ncas/alerts/aa22-110a> describing Russian state-sponsored cyber operations and commonly observed tactics, techniques, and procedures (TTPs), and apply the recommendations listed in the Mitigations section.
We kindly request any incidents or anomalous activity related to this message be reported to CISA at https://us-cert.cisa.gov/report, report at cisa.gov<mailto:report at cisa.gov>, or (888) 282-0870 and/or to the FBI via your local FBI field office<https://www.fbi.gov/contact-us/field-offices> or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch at fbi.gov<mailto:CyWatch at fbi.gov>.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>