On April 20, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom—the so-called “Five Eyes” governments—announced the publication of Alert AA22-110A, a Joint Cybersecurity Advisory (the “Advisory”) warning critical infrastructure organizations throughout the world that the Russian invasion of Ukraine could expose them “to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.” The Advisory is intended to update a January 2022 Joint Cybersecurity Advisory, which provided an overview of Russian state-sponsored cyber operations and tactics, techniques, and procedures (“TTPs”).
In their announcement, the authorities urged critical infrastructure network defenders in particular “to prepare for and mitigate potential cyber threats by hardening their cyber defenses” as recommended in the Advisory.
Overview. The Advisory notes that “evolving intelligence” indicates that the Russian government is exploring options for potential cyber attacks and that some cybercrime groups have recently publicly pledged support for the Russian government and threatened to conduct cyber operations on behalf of the Russian government. The Advisory summarizes TTPs used by five state-sponsored advanced persistent threat (“APT”) groups, two Russian-aligned cyber threat groups, and eight Russian-aligned cybercrime groups. Additionally, it provides a list of mitigations and suggests that critical infrastructure organizations should implement certain mitigations “immediately.”
Russian State-Sponsored Cyber Operations. The Advisory notes that Russian state-sponsored cyber actors have “demonstrated capabilities” to compromise networks; maintain long-term, persistent access to networks; exfiltrate sensitive data from information technology (“IT”) and operational technology (“OT”) networks; and disrupt critical industrial control systems (“ICS”) and OT networks by deploying destructive malware. The Advisory details five Russian APT groups: