<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1101872607;
mso-list-type:hybrid;
mso-list-template-ids:-1846142628 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1151214186;
mso-list-template-ids:258499868;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1655602343;
mso-list-template-ids:-404825322;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:2138642004;
mso-list-template-ids:-2096457570;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a (TLP:WHITE)
<b><a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-110a">joint Cybersecurity Advisory: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure</a>.
</b>This CSA is intended to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased <a href="https://www.cisa.gov/uscert/russia">malicious cyber activity</a>. This activity may occur as
a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks (see <a href="https://urldefense.us/v3/__https:/www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZl8HmEGx4$">the
March 21, 2022, Statement by U.S. President Biden</a> for more information). Recent Russian state-sponsored cyber operations have included <a href="https://urldefense.us/v3/__https:/www.gov.uk/government/news/uk-assess-russian-involvement-in-cyber-attacks-on-ukraine__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZlRjnwnew$">distributed
denial-of-service (DDoS) attacks</a>, and older operations have included <a href="https://urldefense.us/v3/__https:/www.ncsc.gov.uk/news/russian-military-almost-certainly-responsible-destructive-2017-cyber-attack__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZljvRbomA$">deployment
of destructive malware against Ukrainian government and critical infrastructure organizations</a>. </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in
retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups
have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">This advisory updates joint CSA <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-011a">Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure</a>,
and provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats.</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">For more information on Russian state-sponsored cyber activity, see CISA’s <a href="https://www.cisa.gov/uscert/russia">Russia Cyber Threat Overview and Advisories</a> webpage. For more information
on the heightened cyber threat to critical infrastructure organizations, see the following resources:</span><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="font-family:"Arial",sans-serif">Cybersecurity and Infrastructure Security Agency (CISA) <a href="https://www.cisa.gov/shields-up">Shields Up</a> and <a href="https://www.cisa.gov/uscert/shields-technical-guidance">Shields
Up Technical Guidance</a> webpages </span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="font-family:"Arial",sans-serif">Australian Cyber Security Centre’s (ACSC) Advisory <a href="https://urldefense.us/v3/__https:/www.cyber.gov.au/acsc/view-all-content/advisories/2022-02-australian-organisations-should-urgently-adopt-enhanced-cyber-security-posture__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZlSRf2mX8$">Australian
Organisations Should Urgently Adopt an Enhanced Cyber Security Posture</a>. </span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="font-family:"Arial",sans-serif">Canadian Centre for Cyber Security (CCCS) Cyber Threat Bulletin <a href="https://urldefense.us/v3/__https:/cyber.gc.ca/en/guidance/cyber-threat-bulletin-cyber-centre-urges-canadian-critical-infrastructure-operators-raise__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZlvvD8PcQ$">Cyber
Centre urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity</a></span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="font-family:"Arial",sans-serif">National Cyber Security Centre New Zealand (NZ NCSC) General Security Advisory <a href="https://urldefense.us/v3/__https:/www.ncsc.govt.nz/newsroom/gsa-2022-2940/__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZlVnbK0tY$">Understanding
and preparing for cyber threats relating to tensions between Russia and Ukraine</a></span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3"><span style="font-family:"Arial",sans-serif">United Kingdom’s National Cyber Security Centre (NCSC-UK) <a href="https://urldefense.us/v3/__https:/www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZlMwZpUtM$">guidance</a> on
how to <a href="https://urldefense.us/v3/__https:/www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZlxrihKDo$">bolster cyber defences</a> in light
of the Russian cyber threat</span><o:p></o:p></li></ul>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">CISA Recommendation:
</span></b><o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo6"><span style="font-family:"Arial",sans-serif">Review the
<a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-110a">joint CSA</a> describing Russian state-sponsored cyber operations and commonly observed tactics, techniques, and procedures (TTPs), and apply the recommendations listed in the Mitigations section.
</span><o:p></o:p></li></ul>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">We kindly request any incidents or anomalous activity related to this message be reported to CISA at
<a href="https://us-cert.cisa.gov/report">https://us-cert.cisa.gov/report</a>, <u>
<a href="mailto:report@cisa.gov">report@cisa.gov</a></u>, or (888) 282-0870 and/or to the FBI via your local
<a href="https://urldefense.us/v3/__https:/www.fbi.gov/contact-us/field-offices__;!!BClRuOV5cvtbuNI!W6qie05tYckAEsKDqZIBLs4BI88Zna9lxlAk4Muq7L7SZm2VPQQBagU6Z8VEgHZl1v2SRmU$">
FBI field office</a> or the FBI’s 24/7 CyWatch at (855) 292-3937 or <a href="mailto:CyWatch@fbi.gov">
CyWatch@fbi.gov</a>.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;mso-fareast-language:JA"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image007.png@01D854EA.ADDE5820"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>