The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) (AA22-110A) to warn organizations of the potential for increased Russian malicious cyber activity as a response to the unprecedented economic costs imposed on Russia as well as the materiel support provided by the U.S. and its allies and partners. Members are encouraged to review the advisory and immediately take action to protect against and mitigate this activity.
Evolving intelligence indicates the Russian government is exploring options for potential cyber operations including distributed denial-of-service (DDoS) attacks and deployment of destructive malware against critical infrastructure organizations. Network defenders are urged to prepare for and mitigate against potential cyber threats—including destructive malware, ransomware, DDoS attacks, and cyber espionage—by hardening their cyber defenses and performing due diligence in identifying indicators of malicious activity.
Immediate mitigation actions include:
- Prioritize patching known exploited vulnerabilities.
- Enforce multifactor authentication.
- Secure and monitor Remote Desktop Protocol.
- Provide end-user awareness and training.
According to the advisory, Russian state-sponsored cyber actors have demonstrated capabilities to compromise IT networks; develop mechanisms to maintain long-term, persistent access to IT networks; exfiltrate sensitive data from IT and operational technology (OT) networks; and disrupt critical industrial control systems (ICS)/OT functions by deploying destructive malware.
Historical operations have included deployment of destructive malware, including BlackEnergy and NotPetya, against Ukrainian government and critical infrastructure organizations. Recent Russian state-sponsored cyber operations have included DDoS attacks against Ukrainian organizations, the advisory notes.
Note: For more information on Russian state-sponsored cyber activity, including known tactics, techniques, and procedures (TTPs), see the joint CSA "Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure."
Additionally, the advisory provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats. For additional details, including previously observed malicious cyber operations of Russian state-sponsored groups, access the full advisory at CISA.