The Five Eyes cybersecurity agencies have recently published a joint security advisory on the danger of cyberattacks against critical infrastructure by pro-Russia cybercriminal groups and Russian nation-state threat actors.
Intelligence collected by the agencies shows that the Russian government has been looking for opportunities to carry out cyberattacks on targets based in the West, in retaliation for the sanctions imposed on Russia and the help being given to Ukraine. The agencies state that Russian state-sponsored hacking groups have been conducting Distributed Denial of Service (DDoS) attacks in Ukraine and are known to have used destructive malware against government and critical infrastructure institutions in Ukraine. These hacking groups are highly skilled and patient. They can gain access to IT systems, exfiltrate sensitive information, and cause serious disruption to critical systems, such as industrial control systems.
The alert names several Russian government and military agencies that have been involved in these malicious activities, including the Russian Foreign Intelligence Service (SVR), the Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM), the Russian Federal Security Service (FSB), and the Russian General Staff Main Intelligence Directorate (GRU).
The FSB is known to have conducted cyber operations against the energy industry, including organizations in the USA and UK, private sector companies, cybersecurity firms, and others. It has also enlisted cybercriminal attackers and tasked them with surveillance-focused activities. The SVR has carried out targeted attacks on critical infrastructure organizations and is known for sophisticated attacks that use devious intrusion tradecraft. The GRU has targeted a variety of critical infrastructure organizations, and the TsNIIKhM has a record of attacks on international organizations and federal organizations.
A number of cybercriminal groups have publicly voiced their support for Russia and have threatened to carry out cyberattacks on agencies that are known to have conducted cyber offensives against the Russian government or the Russian people. These cybercriminal gangs are believed to present a risk to all critical infrastructure organizations, including healthcare. They mainly carry out DDoS attacks, along with extortion and ransomware attacks.
The cybersecurity agencies have advised all critical infrastructure organizations to take action to prepare for and mitigate cyberattacks. The advisory gives specific details on the cyber attackers and state-sponsored hacking groups of interest, along with advice on planning for and mitigating cyber risks.