[CDP-development] Joint Cybersecurity Advisory on Tactics Used by Russian State-Sponsored Actors to Target U.S. and International Energy Sector Organizations
Masse, Theresa
theresa.masse at cisa.dhs.gov
Thu Mar 24 15:00:48 PDT 2022
FYSA
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) announced a joint Cybersecurity Advisory<https://www.cisa.gov/uscert/ncas/current-activity/2022/03/24/state-sponsored-russian-cyber-actors-targeted-energy-sector-2011> today with information on Russian state-sponsored cyber actors that conducted multiple intrusion campaigns targeting U.S. and international energy sector organizations from 2011 to 2018. This advisory is being published in conjunction with the U.S. Department of Justice announcement<https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical> of unsealed indictments today.
The advisory titled, "Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector<https://www.cisa.gov/uscert/ncas/alerts/aa22-083a>," provides the technical details about a global energy sector intrusion campaign using Havex malware, and a compromise of a Middle East-based energy sector organization using TRITON malware. In both instances, the threat actors were also involved in activity targeting U.S. energy sector companies.
While this advisory documents historical cyber activity, CISA, FBI and DOE assess that state-sponsored Russian cyber operations continue to pose an ongoing threat to U.S. Energy Sector networks. Actions that executives and leaders can take now to protect their networks are:
* Implementing and ensuring robust network segmentation between information technology and industrial control systems (ICS) networks;
* Enforcing multifactor authentication to authenticate into a system; and
* Managing the creation of, modification of, use of, and permissions associated with privileged accounts.
In addition to reviewing this new advisory, CISA encourages critical infrastructure executives and senior leaders to review our "Shields Up" webpage at www.cisa.gov/shields-up<http://www.cisa.gov/shields-up>. Also, organizations should report incidents and unusual activity to CISA 24/7 Operations Center at report at cisa.gov<mailto:report at cisa.gov> or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch at fbi.gov<mailto:CyWatch at fbi.gov>.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>